Some time ago I read about random numbers and the Linux kernel. The Linux kernel uses things like network activity and keyboard/mouse interrupts to gather entropy for its random number generator. But sometimes the kernel runs out of entropy, and that is a bad thing.
What is entropy?
Entropy is a measure of the uncertainty associated with a random variable. This means that the more entropy the Linux kernel has, the harder it gets to predict what numbers the random number generator will generate next.
So, how do you see how much entropy your Linux kernel has at the
moment? Simple. Type
cat /proc/sys/kernel/random/entropy_avail
in a terminal. While I'm writing this, the entropy of my Linux kernel is
between 120 and 200.
Using /dev/urandom as an entropy source
Alright. The theory behind this is that Linux has two distinct special
files with random data in them:
/dev/random blocks and doesn't deliver any more random data when the
entropy of the kernel is exhausted;
/dev/urandom does not block, it simply
reuses the entropy.
To do this, first install the rng-tools package:
sudo apt-get install rng-tools
Then, edit the file
/etc/default/rng-tools and this to the bottom of
and restart rng-tools:
sudo /etc/init.d/rng-tools restart
So does it work? Not for me. When I restart rng-tools, I see a rise in the available entropy, but it drops down to the original level between 120 and 200. That does not mean that it won't work for you, however.
Randomsound is a pretty simple program, which will use the low order bit
of the ADC output of your sound card (record static noise, that is),
debias it, and inject it into the kernel's random pool. It can be
tweaked to only write into the pool when it drops below a certain level,
and to back off once the pool is full enough, which is great if you have
more than one source of entropy.
You can install it in your package manager, or in a terminal:
sudo aptitude install randomsound
It runs as a service, so you shouldn't worry about starting it.
It works! Before starting the randomsound program, my kernel's entropy
was between 120 and 200. When I start randomsound
(sudo /etc/init.d/randomsound start), the entropy available rises to
3840, then drops to around 250, then rises to 3840 again. You can
configure randomsound to fill up the kernel's entropy pool if the amount
of entropy drops below a certain point, say, 2000 bits.
To do this, open the file
/etc/default/randomsound in your preferred
text editor and add this line:
Now restart randomsound with this command
sudo /etc/init.d/randomsound restart
Of course, for randomsound to work, you need a soundcard. ;-)
The Clock Randomness Gathering Daemon
The Clock randomness gathering daemon gathers entropy from
timing-differences between different physical high-frequency clocks in
your computer. The randomness is then tested with FIPS, and if the
random data passes this test, it is passed to the kernel's entropy
Now this tool isn't in the Ubuntu package archive, so if you want to use it, you need to compile it yourself. But don't worry, I will tell you how to do that. Just type the instructions in a terminal window.
cd ~
sudo aptitude install build-essential
wget http://gentoo.lagis.at/distfiles/clrngd-1.0.3.tar.gz
tar xzf clrngd-1.0.3.tar.gz
cd clrngd-1.0.3
./configure
make
sudo ./clrngd
It didn't work too well for me. Once every 240 seconds the kernel's entropy rose to about 3500, and then slowly dropped back to between 100 and 200. Since clrngd only delivers entropy every 3 minutes, it's not suited for desktop usage, let alone server usage. It might work better for you and it might not, give it a shot. ;-)
Timer Entropy Daemon
The timer entropy daemon adds entropy by measuring how much longer
or shorter a sleep takes (this fluctuates a little, by microseconds)
compared to how long it should take. The time for a sleep jitters
because the frequency of the timers' clocks changes when they
become colder or hotter (and because of a few other parameters).
The amount of entropy produced varies greatly. This is how to compile it:
cd ~
sudo aptitude install build-essential
wget http://www.vanheusden.com/te/timer_entropyd-0.1.tgz
tar xzf timer_entropyd-0.1.tgz
cd timer_entropyd-0.1/
make
sudo ./timer_entropyd
The timer entropy daemon will daemonize itself and add entropy to the kernel's pool. To see how much entropy it gathers, type
sudo tail -f /var/log/syslog
This worked very well for me. The kernel's available entropy never dropped below 2000, so it's certainly something people running servers should consider using. :-)
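The sleep-jitter measurement described for the timer entropy daemon, combined with the low-order-bit and debias steps described for randomsound, as an added example that is not code from either project. It assumes Python 3.7+ and uses von Neumann debiasing, which is a choice made for this example and not a statement of what randomsound does; all function names are hypothetical, and nothing is written to the kernel pool.

```python
import time

def sleep_jitter_ns(samples, nominal_s=0.0005):
    """Deviation of each sleep from its nominal length, in nanoseconds."""
    nominal_ns = int(nominal_s * 1e9)
    out = []
    for _ in range(samples):
        start = time.perf_counter_ns()
        time.sleep(nominal_s)
        out.append(time.perf_counter_ns() - start - nominal_ns)
    return out

def low_bits(values):
    """Keep only the least significant bit of each measurement."""
    return [v & 1 for v in values]

def von_neumann(bits):
    """Debias non-overlapping pairs: 01 -> 0, 10 -> 1, drop 00 and 11."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def pack(bits):
    """Pack whole groups of 8 bits into bytes; leftover bits are dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, usable, 8))

def ones_ratio(bits):
    """Fraction of 1 bits; 0.5 is unbiased. Empty input returns 0.0."""
    return sum(bits) / len(bits) if bits else 0.0

if __name__ == "__main__":
    raw = low_bits(sleep_jitter_ns(2000))  # roughly one second of sleeping
    clean = von_neumann(raw)
    print("raw bits:      %d, ones ratio %.3f" % (len(raw), ones_ratio(raw)))
    print("debiased bits: %d, ones ratio %.3f" % (len(clean), ones_ratio(clean)))
    print("first bytes:   %s" % pack(clean)[:16].hex())
```

On a machine with a coarse clock the low bit can be constant, in which case the debiaser returns almost nothing. A ones ratio near 0.5 shows the bits are balanced, not that they are unpredictable.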
Of course you can buy a hardware random number generator, like the entropy key manufactured by Simtec, which works in Linux! :-D
Did you try any of these? What were your results? Do you know of any other entropy sources?
Written by Jannich Brendle, Mon 01 March 2010, in How to