Generating entropy with a wireless network card

Okay, I've written about entropy and its importance before. It's still important, so here is a short guide to generating entropy with a wireless network card on Ubuntu or Debian (and possibly others).

Note: before you start, you need a wifi card that supports monitor mode and one (or more) access points - the busier, the better.

So, to generate entropy for the Linux kernel using a wireless network card, we need to capture all the traffic that passes our network card. We then encrypt the traffic with a random password that is generated every time the script starts. We encrypt the traffic to make sure that even when the wireless networks have little or no traffic, the stream of data that the kernel gets will be fairly random.

Now, we need to install some programs:

sudo apt-get install rng-tools wireless-tools tcpdump

Next, copy and paste this script into a file called /etc/init.d/randomwifi:

#!/bin/sh

# Configuration is here
interface=wlan0
fifo=/tmp/wifirandom.$$
# keep this at 48: longer output gets wrapped, and the whitespace breaks everything
password=$(openssl rand -base64 48)

# find the channel most access points are using, and configure the wireless interface
ifconfig "$interface" down
iwconfig "$interface" mode managed
ifconfig "$interface" up
# sort before uniq -c so identical channels are counted together,
# then sort by count, highest first
channel=$(iwlist "$interface" scan | grep 'Channel:' | sort | uniq -c | sort -rn | head -n 1 | cut -f2 -d:)

echo "Interface $interface is listening on channel $channel"

iwconfig "$interface" channel "$channel"
ifconfig "$interface" down
iwconfig "$interface" mode monitor
ifconfig "$interface" up

# make a fifo to put our random data in
mkfifo "$fifo"

# capture traffic, encrypt it, and feed the result to the kernel through rngd
tcpdump -KnOSx -vvv -i "$interface" | openssl enc -aes-256-cbc -pass "pass:$password" > "$fifo" &
sleep 1
rngd -r "$fifo" -o /dev/random -t 1
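
The channel-selection step in the script above hands whatever the pipeline prints straight to iwconfig, so a scan that finds no access points passes an empty channel. As an added example (not part of the original post), the function below parses scan output, picks the channel most access points use, and fails when none is found; the names busiest_channel and sample_scan are hypothetical and the scan text is constructed sample data.

```shell
#!/bin/sh
# Added example: pick the channel used by the most access points from
# `iwlist <iface> scan` output read on stdin. Prints the channel number,
# or returns 1 when the scan lists no usable channel.
busiest_channel() {
    # Cell lines look like "                    Channel:6". The
    # "Frequency:2.437 GHz (Channel 6)" lines have no colon after "Channel"
    # and are skipped by the pattern, so each cell is counted once.
    ch=$(sed -n 's/^[[:space:]]*Channel:\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        | sort -n | uniq -c | sort -k1,1nr -k2,2n | head -n 1 | awk '{print $2}')
    # Reject an empty or non-numeric result instead of passing it on.
    case "$ch" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$ch"
}

# Constructed sample scan output (not captured from a real network).
sample_scan() {
cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 00:00:5E:00:53:01
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    ESSID:"example-a"
          Cell 02 - Address: 00:00:5E:00:53:02
                    Channel:11
                    Frequency:2.462 GHz (Channel 11)
                    ESSID:"example-b"
          Cell 03 - Address: 00:00:5E:00:53:03
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    ESSID:"example-c"
EOF
}

# Usage in the init script (only switch to monitor mode on success):
#   channel=$(iwlist "$interface" scan | busiest_channel) || exit 1
sample_scan | busiest_channel
```

When two channels are equally busy, the lower channel number wins.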

Make sure this script can run by setting the execute flag on the file, and make it start on boot:

sudo chmod u+x /etc/init.d/randomwifi
sudo update-rc.d randomwifi defaults

That's it! If your computer is located near a busy access point, you should have plenty of entropy. :-)

Did you try this? Share your experiences below.


Written by Jannich Brendle, Mon 31 January 2011, in How to

tags: entropy, postaweek2011, security, ubuntu
