Improving randomness and entropy in Ubuntu 9.10

Some time ago I read about random numbers and the Linux kernel. The Linux kernel uses things like network activity and keyboard/mouse interrupts to gather entropy for its random number generator. But sometimes the kernel runs out of entropy, and that is a bad thing.

What is entropy?

Entropy is a measure of the uncertainty associated with a random variable. This means that the more entropy the Linux kernel has, the harder it gets to predict what numbers the random number generator will generate next.

So, how do you see how much entropy your Linux kernel has at the moment? Simple. Type in cat /proc/sys/kernel/random/entropy_avail in a terminal. While I'm writing this, the entropy of my Linux kernel is between 120 and 200.

Using /dev/urandom as an entropy source

Alright. The theory behind this is that Linux has two distinct special files with random data in them: /dev/random and /dev/urandom. /dev/random blocks and doesn't deliver any more random data when the entropy of the kernel is exhausted; /dev/urandom does not block, it simply reuses the entropy.
To do this, first install the rng-tools package:

sudo apt-get install rng-tools

Then, edit the file /etc/default/rng-tools and add this to the bottom of the file:
HRNGDEVICE=/dev/urandom
and restart rng-tools:

sudo /etc/init.d/rng-tools restart

So does it work? Not for me. When I restart rng-tools, I see a rise in the available entropy, but it drops down to the original level between 120 and 200. That does not mean that it won't work for you however.

Randomsound

Randomsound is a pretty simple program, which will use the low order bit of the ADC output of your sound card (record static noise, that is), debias it, and inject it into the kernel's random pool. It can be tweaked to only write into the pool when it drops below a certain level, and to back off once the pool is full enough, which is great if you have more than one source of entropy.
You can install it in your package manager, or in a terminal:

sudo aptitude install randomsound

It runs as a service, so you shouldn't worry about starting it.

It works! Before starting the randomsound program, my kernel's entropy was between 120 and 200. When I start randomsound (sudo /etc/init.d/randomsound start), the entropy available rises to 3840, then drops to around 250, then rises to 3840 again. You can configure randomsound to fill up the kernel's entropy pool if the amount of entropy drops below a certain point, say, 2000 bits.
To do this, open the file /etc/default/randomsound in your preferred text editor and add this line:

DAEMON_OPTS="-m2000"

Now restart randomsound with this command

sudo /etc/init.d/randomsound restart

Of course, for randomsound to work, you need a soundcard. ;-)

The Clock Randomness Gathering Daemon

The Clock randomness gathering daemon gathers entropy from timing-differences between different physical high-frequency clocks in your computer. The randomness is then tested with FIPS, and if the random data passes this test, it is passed to the kernel's entropy pool.
Now this tool isn't in the ubuntu package archive, so if you want to use this, you need to compile it yourself. But don't worry, I will tell you how to do that. Just type the instructions in a terminal window.

cd ~
sudo aptitude install build-essential
wget http://gentoo.lagis.at/distfiles/clrngd-1.0.3.tar.gz
tar xzf clrngd-1.0.3.tar.gz
cd clrngd-1.0.3
./configure
make
sudo ./clrngd

It didn't work too well for me. Once every 240 seconds the kernel's entropy rose to about 3500, and then slowly dropped back to between 100 and 200. Since clrngd only delivers entropy every 3 minutes, it's not suited for desktop usage, let alone server usage. It might work better for you and it might not, give it a shot. ;-)

Timer Entropy Daemon

The timer entropy daemon adds entropy by measuring how much longer or shorter a sleep takes (this fluctuates a little, by microseconds) compared to how long it should take. The sleep time jitters because the frequency of the timer clocks changes as they become colder or hotter (along with a few other parameters).
The amount of entropy produced varies greatly. This is how to compile it:

cd ~
sudo aptitude install build-essential
wget http://www.vanheusden.com/te/timer_entropyd-0.1.tgz
tar xzf timer_entropyd-0.1.tgz
cd timer_entropyd-0.1/
make
sudo ./timer_entropyd

The timer entropy daemon will daemonize itself and add entropy to the kernel's pool. To see how much entropy it gathers, type

sudo tail -f /var/log/syslog

This worked very well for me. The kernel's available entropy never dropped below 2000, so it's certainly something people running servers should consider using. :-)
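
The sleep-jitter measurement described above, combined with the "low order bit, then debias" step described for randomsound, as an added example that is not part of the original post and is not the code of timer_entropyd or randomsound. The 100 microsecond sleep, the function names and the choice of von Neumann debiasing are assumptions made for illustration; the program only reports how many bits survive and does not write to the kernel pool.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define SLEEP_NS    100000L  /* assumed request: 100 microseconds */
#define MAX_SAMPLES 1024

/* Nanoseconds by which a sleep of request_ns ran long (or short). */
int64_t sleep_jitter_ns(long request_ns)
{
    struct timespec req = { 0, request_ns }, t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    nanosleep(&req, NULL);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    int64_t elapsed = (int64_t)(t1.tv_sec - t0.tv_sec) * 1000000000LL
                    + (t1.tv_nsec - t0.tv_nsec);
    return elapsed - request_ns;
}

/* Von Neumann debiasing: read raw bits in pairs, emit the first bit of
 * each unequal pair (01 -> 0, 10 -> 1), drop 00 and 11. */
size_t von_neumann(const uint8_t *raw, size_t n, uint8_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        if (raw[i] != raw[i + 1])
            out[k++] = raw[i];
    return k;
}

/* Low-order bit of each jitter sample, debiased; out holds samples/2. */
size_t harvest(size_t samples, uint8_t *out)
{
    uint8_t raw[MAX_SAMPLES];
    if (samples > MAX_SAMPLES)
        samples = MAX_SAMPLES;
    for (size_t i = 0; i < samples; i++)
        raw[i] = (uint8_t)(sleep_jitter_ns(SLEEP_NS) & 1);
    return von_neumann(raw, samples, out);
}

int main(void)
{
    uint8_t bits[MAX_SAMPLES / 2];
    size_t n = harvest(256, bits);
    printf("256 sleeps -> %zu debiased bits\n", n);
    return 0;
}
```

Von Neumann debiasing only removes bias when the raw bits are independent, which timing samples are not guaranteed to be, so the number of bits it emits is an upper bound on the entropy gathered rather than a measurement of it.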

Of course you can buy a hardware random number generator, like the entropy key manufactured by Simtec, which works in linux! :-D

Did you try any of these? What were your results? Do you know of any other entropy sources?


Written by Jannich Brendle, Mon 01 March 2010, in How to

tags: hack, howto, linux, randomness, security, ubuntu, xubuntu
