[Cryptography] The Crypto Pi

Ben Laurie ben at links.org
Sun Jan 25 11:41:35 EST 2015

On 25 January 2015 at 16:35, Ralf Senderek <crypto at senderek.ie> wrote:
> On Sun, 25 Jan 2015 15:27:09 Ben Laurie wrote:
>> quoting me:
>>> The Crypto Pi needs a random key with at least 128 bits of entropy
>>> for every message (AES). The desirable hardware platform would be
>>> the beagle bone and the OS OpenBSD to make auditing possible.
>>> But there is a problem with the randomness source on the beagle bone.
>>> I've monitored the state of the kernel's entropy pool via /proc and
>>> found that if you read 10 Bytes from /dev/random the entropy level
>>> drops by 52 bits. A short time later reading another 10 Bytes the
> beagle
>>> blocks for 54 seconds. Reading 20 bytes for the first time removes
>>> 116 bit of entropy from the pool and the second read blocks for nearly
>>> 70 seconds. The beagle bone needs 143 seconds to recover and to add
>>> a 100 bits of entropy back to the pool. There's no rngd running.
>> I'm not sure what "removing bits from the pool" really means -
>> extracting n bits from a pool does not, IMO, remove n bits, or even
>> any large fraction of n, from the pool.
> Well, I'm referring to the output of :
> /bin/cat /proc/sys/kernel/random/entropy_avail
> When I read bytes from /dev/random with dd and immediately check this
> file again, n bits are missing as a result of the read operation.
> So, IMHO, the whole system now has less entropy to feed to /dev/random. Am I
> wrong, when I assume that if the content of entropy_avail drops to
> zero, /dev/random is supposed to block?

My point is I don't believe that entropy_avail really represents a
useful measurement.

More information about the cryptography mailing list