<html style="direction: ltr;">
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<style>body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
</head>
<body style="direction: ltr;"
bidimailui-detected-decoding-type="latin-charset" bgcolor="#FFFFFF"
text="#000000">
Hello Brian,<br>
<br>
Le 13/11/2011 01:07, Bryan Duffy a écrit :
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>Have the Entropy Key installed and working on Ubuntu 11.10
with no apparent problems. Question about the</div>
<div>output from the various data streams available on the
device sockets.</div>
<div><br>
</div>
</div>
</blockquote>
My Entropy Key is still on my Ubuntu 10.04 server. The Entropykey
is not easy to use on my laptop with 11.10 :)<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>In Linux without an entropy key /dev/random is "blocked"
and released in chunks from the entropy pool as entropy is
available and /dev/urandom is not blocked and is a basically a
PRNG that is rekeyed (not sure how often) from the entropy
pool.</div>
<div><br>
</div>
<div>With the Entropy Key I notice there are 4 data streams:</div>
<div>1. The new /dev/tty???? has encrypted/armoured data from
the key to the entropyd</div>
</div>
</blockquote>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>2. /dev/random seems to function the same as before, but
much faster due to the Entropy Key,</div>
</div>
</blockquote>
<br>
Yes sure I presume but not only.<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>3. /dev/urandom seems to function from a PRNG as before,
but I would assume it is getting rekeyed much more frequently,
so the data should be of a better quality (is that a fair
assumption?).</div>
</div>
</blockquote>
<br>
I guess it is fair but you need to test first (see below)<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>4. /dev/hwrng which is producing data at about 4 times as
fast as /dev/random.</div>
</div>
</blockquote>
<br>
Have you installed rng-tools package ? because you have another
random generator in your hardware (Intel CPU ? Intel Chipset ?)
that is not linked (my guess) to the (great) Entropy Key.<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div><br>
</div>
<div>What are the entropy qualities of these devices with
Entropy Key installed?</div>
<div>Which ones are truly random and which are rapidly keyed
PRNGs?</div>
</div>
</blockquote>
<br>
different options to test your random datas:<br>
The older "diehard" test on the CAcert related website :
<a class="moz-txt-link-freetext" href="http://www.cacert.at/cgi-bin/rngresults">http://www.cacert.at/cgi-bin/rngresults</a><br>
=> create a file with random data of your own (from 12MB to 40MB)
and upload the data file on this website for records and results.<br>
(try this site so we can share results)<br>
<br>
or locally install "dieharder" package (lastest version is available
on 11.10) with the following command.<br>
dieharder -a -f /dev/random <br>
and check each of your random source (replace /dev/random with what
you need) or a simple file.<br>
<br>
note : I would avoid "israndom" package or "ent" (package) unix
tools, not deep enough for testing randomness quality. ok for quick
test.<br>
<br>
to monitor your Linux entropy pool /dev/random (Entropy key or
Haveged feed /dev/random):<br>
watch -n 1 cat /proc/sys/kernel/random/entropy_avail<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>Is /dev/hwrng direct output from the entropy key (after
decrypting) or does it get modified by the kernel in some
other way (mixed/rehashed)?</div>
</div>
</blockquote>
My guess : I don't think so. I guess your CPU or any device on your
mainboard has a Hardware PRNG or TRNG.<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>Lastly, why (maybe it's just my machine) does the
/dev/hwrng output data about 4 times as fast as /dev/random if
they are both being supplied by the same source of purely
random data? Shouldn't they be similar is rate.<br>
</div>
<div><br>
</div>
</div>
</blockquote>
<br>
Tell us if you find an alternate source of Hardware RNG on your
computer please.<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>I was hoping that someone could comment on these questions,
and whether or not /dev/hwrng is suitable for cryptographic
keys or should I stick with /dev/random?</div>
<div><br>
</div>
</div>
</blockquote>
<br>
Go for dieharder tests... make your own decision upon the results. <br>
<br>
You can also test "haveged" (package) daemon for a laptop (low on
cpu/battery). Or for a desktop/server "randomsound" (package) if
your soundcard input is prone to surronding noises. <br>
<br>
But the Entropy Key is far more stable and quality reliable than a
(you need a cheap) soundcard.<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff; font-family:times
new roman, new york, times, serif;font-size:12pt">
<div>Thank you!<br>
</div>
<div>Bryan</div>
<div><br>
</div>
</div>
</blockquote>
<br>
Best regards,<br>
<br>
Guillaume Romagny<br>
<br>
<blockquote
cite="mid:1321142868.97383.YahooMailNeo@web162006.mail.bf1.yahoo.com"
type="cite">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
EntropyKey-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:EntropyKey-users@lists.simtec.co.uk">EntropyKey-users@lists.simtec.co.uk</a>
<a class="moz-txt-link-freetext" href="http://lists.simtec.co.uk/cgi-bin/mailman/listinfo/entropykey-users">http://lists.simtec.co.uk/cgi-bin/mailman/listinfo/entropykey-users</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>