best way to create entropy?
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/ Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth. Cheers, jof
On 10/11/2012 5:08 PM, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others? Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
Cheers, jof
Intel claims to include a hardware Digital Random Number Generator (DRNG) in its later generation chips. Is their offering inadequate/discredited? http://en.wikipedia.org/wiki/RdRand http://www.pcmag.com/article2/0,2817,2391367,00.asp http://www.intel.com/p/en_US/embedded/innovation/security/walker-article-sec... http://software.intel.com/en-us/articles/intel-digital-random-number-generat...
On Fri, Oct 12, 2012 at 12:49 AM, Robert M. Enger <NANOG@enger.us> wrote:
On 10/11/2012 5:08 PM, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
Cheers, jof
Intel claims to include a hardware Digital Random Number Generator (DRNG) in its later generation chips. Is their offering inadequate/discredited?
http://en.wikipedia.org/wiki/RdRand http://www.pcmag.com/article2/0,2817,2391367,00.asp http://www.intel.com/p/en_US/embedded/innovation/security/walker-article-sec... http://software.intel.com/en-us/articles/intel-digital-random-number-generat...
that's good to know about. i'll have to remember it when tech moves along in a year or so. but, right now, i don't think i have that capability. also, i'd prefer to have a chip agnostic solution as a month or so ago, i wanted to create a key on a raspberry pi (should've just copied one over) and it took forever to generate enough entropy - even as i was compiling stuff. after that, i considered tcpdump.
In message <50776926.1030704@enger.us>, "Robert M. Enger" writes:
On 10/11/2012 5:08 PM, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others? Personally, I've used and recommend this USB stick: http://www.entropykey.c o.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
Cheers, jof
Intel claims to include a hardware Digital Random Number Generator (DRNG) in its later generation chips. Is their offering inadequate/discredited?
http://en.wikipedia.org/wiki/RdRand http://www.pcmag.com/article2/0,2817,2391367,00.asp http://www.intel.com/p/en_US/embedded/innovation/security/walker-article-sec... rity http://software.intel.com/en-us/articles/intel-digital-random-number-generat... r-drng-software-implementation-guide/
Which is about time. It's not like this hasn't been needed for 10+ years. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
+1. -- Dan White
I know that a popular method for generating random bit streams is to take radio (stellar) noise and convert it into a digital bit stream. Very popular among crypto geeks. Steven Naslund -----Original Message----- From: Dan White [mailto:dwhite@olp.net] Sent: Thursday, October 11, 2012 10:55 PM To: Jonathan Lassoff Cc: North American Network Operators Group Subject: Re: best way to create entropy? On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
+1. -- Dan White
On Thu, 11 Oct 2012, Dan White wrote:
On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
+1.
and with ekeyd-egd-linux you can distribute the entropy from an entropykey over the net - great for giving vm some randomness. -- [http://pointless.net/] [0x2ECA0975]
again, to add some input to my own question - i happened to be compiling openssh and found this in the install doc: NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of /dev/random, or failing that, either prngd or egd PRNGD: If your system lacks kernel-based random collection, the use of Lutz Jaenicke's PRNGd is recommended. http://prngd.sourceforge.net/ EGD: The Entropy Gathering Daemon (EGD) is supported if you have a system which lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ hopefully i'll find the time to figure out what is different about "OpenSSH's internal entropy collection", the above systems, and haveged. On Sat, Oct 13, 2012 at 10:11 PM, Jasper Wallace <jasper@pointless.net> wrote:
On Thu, 11 Oct 2012, Dan White wrote:
On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
Internally, it uses diodes that are reverse-biased just ever so close to the breakdown voltage such that they randomly flip state back and forth.
+1.
and with ekeyd-egd-linux you can distribute the entropy from an entropykey over the net - great for giving vm some randomness.
-- [http://pointless.net/] [0x2ECA0975]
Hi, When you let OpenSSH use the egd protocol directly it will get its entropy from an egd daemon. Otherwise it uses /dev/random. When you use ekeyd-egd-linux then you feed the entropy from the egd daemon to the pool used for /dev/random. That way you are not completely dependent on the egd daemon, and other applications that need entropy benefit from the better-filled pool. And yes, I run ekeyd-egd-linux on many VMs :-) Sander
On Sat, Oct 13, 2012 at 11:11:20PM +0100, Jasper Wallace wrote:
and with ekeyd-egd-linux you can distribute the entropy from an entropykey over the net - great for giving vm some randomness.
You would then be interested in http://hundun.ae7.st. Server I setup just a week or so ago doing this very thing. However, if using a server's random data, it's important you mix it into your /dev/random device, rather than using the data directly. After all, how can you trust the admin, that he's not keeping track of which client is receiving which data? -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
On Fri, Oct 12, 2012 at 12:08 AM, Jonathan Lassoff <jof@thejof.com> wrote:
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Personally, I've used and recommend this USB stick: http://www.entropykey.co.uk/
not sure how much others care about server entropy in general. however, after reading this: http://strugglers.net/~andy/blog/2010/06/06/adventures-in-entropy-part-1/ i'm basically sold on that entropykey. $30 for a entropy through electron tunneling with tons of failsafes.... wow. i might just have to get two so i can nail the other to a frame, hang it on a wall and geek out every now and again :)
Hi Shawn, On Fri, Oct 12, 2012 at 04:05:22AM +0000, shawn wilson wrote:
not sure how much others care about server entropy in general. however, after reading this: http://strugglers.net/~andy/blog/2010/06/06/adventures-in-entropy-part-1/
They are fun though I still have not found a good way to monitor when they're being exhausted.. http://serverfault.com/questions/354532/how-to-tell-when-an-entropy-key-is-o... Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting
Nature, via radio active decay! http://www.fourmilab.ch/hotbits/ -- Tim Edwards c: 206-604-5776 On Thursday, October 11, 2012 at 5:01 PM, shawn wilson wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
On 10/11/12, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are
You are referring to the entropy pool used for /dev/random and crypto operations ? You could setup a video capture card or radio tuner card, tune it into a good noise source, and arrange for the bit stream to get written to /dev/random Because anything written to /dev/random gets mixed in / XOR'ed into the entropy pool
some tasks better than others?
-- -JH
On Thu, Oct 11, 2012 at 5:20 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On 10/11/12, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are
You are referring to the entropy pool used for /dev/random and crypto operations ?
You could setup a video capture card or radio tuner card, tune it into a good noise source, and arrange for the bit stream to get written to /dev/random
Yes, but then you're also introducing a way for an external attacker to transmit data that can be mixed into your entropy pool. While certainly a cool hack, I don't think anything like this would be safe for cryptographic use. </two cents> Cheers, jof
On Thu, Oct 11, 2012 at 05:25:37PM -0700, Jonathan Lassoff wrote:
Yes, but then you're also introducing a way for an external attacker to transmit data that can be mixed into your entropy pool.
XORring predictable data to random data does not yield a predictable result. /dev/random is world writable so if writing to it causes the random generator to output something predictable it's a bug that needs to be fixed. Also, an analog TV receiver will always have some noise that is not predictable even if you are transmitting a known signal to it. If you seriously need good entropy for cryptography, I think you will not ask about it on nanog, and I'd be very wary of cheap hardware RNGs too.
On Fri, Oct 12, 2012 at 12:25 AM, Jonathan Lassoff <jof@thejof.com> wrote:
On Thu, Oct 11, 2012 at 5:20 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On 10/11/12, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are
You are referring to the entropy pool used for /dev/random and crypto operations ?
You could setup a video capture card or radio tuner card, tune it into a good noise source, and arrange for the bit stream to get written to /dev/random
Yes, but then you're also introducing a way for an external attacker to transmit data that can be mixed into your entropy pool.
While certainly a cool hack, I don't think anything like this would be safe for cryptographic use.
which i guess means my tcpdump is also a bad idea... i've heard of looking at radio, voltage, and video. i was really wondering about a good every day solution - something easily implemented on any computer. so maybe a way of getting random network traffic or something random from computers around you. i'm not verisign or any other type of company that needs to generate thousands of keys in a day, but sometimes i need to generate a half dozen or so, and my entropy runs out pretty quickly. the radio idea might work for me if i could get a wire and a cheap amplifier and plug it into a headphone jack or possibly figure out a ccd type thing on a motor that would give me noise for my sound card. but i was hoping for something even more simple than that - maybe wifi noise?
On 10/11/12, Jonathan Lassoff <jof@thejof.com> wrote:
Yes, but then you're also introducing a way for an external attacker to transmit data that can be mixed into your entropy pool.
The binary operations used to 'mix in' data preserve entropy, when non-random data is mixed in, given the birwise operation A (+) B. The result is guaranteed to have entropy no less than the entropy of A, and also guaranteed to have entropy no less than the entropy of B. The transmitter/source of data does not control the system's administrative structures, so it is not possible for one source of data to "reduce" or "compromise" the entropy of an entropy pool. An external attacker would have to have a way of making the other sources of entropy unavailable, and make sure the system over-estimates the amount of remaining entropy, to ensure _no_ new entropy is available, other than their fake entropy. That risk is dwarfed by the risk of physical tampering, installation of remote bugs to steal key material, etc.
While certainly a cool hack, I don't think anything like this would be safe for cryptographic use.
These methods of generating entropy, when implemented reasonably, are far better than perfectly adequate for the generation of random numbers for one time pads, and cryptographic keys for long term use; for very high security purposes, as in 3-letter agency use, multiple independent sources of entropy are recommended. For high security applications, actions should always be contemplated to detect or protect against tampering with the hardware and software, or using software to steal key material. That may involve the use of smart cards, or dedicated single-purpose hardware security modules to generate and store keys, so a general purpose computer never has access to the keys, only a very simple one, that performs just the required crypto operations, when the proper number of authorized users prove their identity and ask the device to perform crypto operations. For applications that don't require that... RF noise from one source fed to /dev/random is highly adequate :)
jof -- -JH
On Oct 11, 2012, at 5:01 PM, shawn wilson <ag4ve.us@gmail.com> wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
I find that giving a screwdriver and a hammer to a child between the ages of 4 and 10 will usually do pretty well. Owen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Shawn, On 12/10/12 02:01, shawn wilson wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Not necessary the best way, but haveged* might be interesting to try out. It generates entropy based on differences in the cpu timestamp counters. Linux-only though. gr, Lex *) http://www.issihosts.com/haveged/ - -- LRO-RIPE | 398E38C3 | 748D 6359 389B 4E5A 4A44 82F5 BEC5 07FD 398E 38C3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQd+MfAAoJEL7FB/05jjjDBwQH/iaHGxx2Qh7BGBKpVJoUtH29 XCMsoDDY7mplhy7Z5WJG7UbfSjm3V+JNA8z6w6rfmiVX87iJLz6o4tEWOSmi4uZZ yj5Zgu3bqIBzcDdPNZ/3QKCRVRVNyT5b9V/mquXnr0kRIh8ZfpHbXycWcV75V634 MUebTftiT34ZSk3AcCdC+sntukW9cmb7Iht/4p1WD0DBb7FvidqYI24ezIkX92wc ehZp4Iu8cNxAwhsezRFY3hIi/nyMjUFekO2sl9o3CoB7g/S/8uIHBwp9LmkhpNi8 L+JB7SV36cTNT0r8wfITDwas0LpWjau96HwrQQOMq/9rSAW55BvPa+btOgyGKcg= =XpPc -----END PGP SIGNATURE-----
On Friday 12 October 2012 00:01:18 shawn wilson wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others?
Haveged, every time. Linux 3.7 will be getting some improvements in terms of entropy collection, to the point that it may well render haveged unnecessary. Generally speaking I find that it's VMs that prove to suffer from low entropy (and thus benefit greatly from haveged) Regards, Oliver
On 11/10/12 5:01 PM, shawn wilson wrote:
in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are some tasks better than others? You might want to take a look at: http://www.lavarnd.org/news/lavadiff.html
jc
On 10/16/12, JC Dill <jcdill.lists@gmail.com> wrote: It's interesting... though Lava lamps require heat to work, so not necessarily energy efficient. In theory, you shouldn't really need the lava lamp part. Just the digital camera part.. operate at a high ISO, say ISO 3000, dark background, and manual shutter and aperature controls, configured to achieve exposure with minimal light (E.g. a lowest possible usable exposure at the highest speed you can get), analyze, and discard the value of any pixels that statistically show as "hot" or "correlated" and capture the inherent CCD sensor noise due to unpredictability of electrons, which you maximized, without having to have any movement in the scene.
You might want to take a look at: http://www.lavarnd.org/news/lavadiff.html
jc -- -JH
On 16/10/12 8:06 PM, Jimmy Hess wrote:
On 10/16/12, JC Dill <jcdill.lists@gmail.com> wrote:
You might want to take a look at: http://www.lavarnd.org/news/lavadiff.html
It's interesting... though Lava lamps require heat to work, so not necessarily energy efficient. In theory, you shouldn't really need the lava lamp part. Just the digital camera part..
You didn't read the whole page. On the right side: our LavaRnd^tm Spelled *LavaRnd*, mixed case with 2 a's Reference implementation uses lens-capped digital cameras to produce random numbers. Directly produces cryptographically sound <http://www.lavarnd.org/faq/crypto_sound.html> random numbers. A single camera image frame can typically produce between 340 and 1420 bytes bytes of random numbers. jc
participants (18)
-
Aaron Toponce
-
Andy Smith
-
Dan White
-
Jasper Wallace
-
JC Dill
-
Jimmy Hess
-
Jonathan Lassoff
-
Jussi Peltola
-
Lex van Roon
-
Mark Andrews
-
Naslund, Steve
-
Oliver
-
Owen DeLong
-
Robert M. Enger
-
Sander Steffann
-
shawn wilson
-
Tim Edwards
-
Valdis.Kletnieks@vt.edu