<html><body bgcolor="#FFFFFF"><div><br></div><div></div><blockquote type="cite"><div><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Thank you.</span></div><div><br></div><div><span>I now understand. After further inspection, my motherboard is equipped with an AMD-8111 chipset which has some sort of a TRNG built in. Either I had never noticed /dev/hwrng in prior Ubuntu releases or this is the first release where the node was created. That is not related to entropy key, but I just first noticed while poking around the /dev/ directory for the new entropy key entries.</span></div><div><br></div><div>I have the dieharder package and libs installed, so I will see how the AMD-8111 chipset /dev/hwrng numbers do compared with /dev/random + Entropy Key<br></div><div><br></div><div>I really like the entropy pool being kept full by the entropy key.</div><div><br></div><span>Thank you for all of the
help.<br></span><div>Bryan</div><div><br></div><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><font face="Arial" size="2"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> Rob Kendrick <<a href="mailto:rjek@simtec.co.uk">rjek@simtec.co.uk</a>><br><b><span style="font-weight: bold;">To:</span></b> <a href="mailto:entropykey-users@lists.simtec.co.uk"><a href="mailto:entropykey-users@lists.simtec.co.uk">entropykey-users@lists.simtec.co.uk</a></a><br><b><span style="font-weight: bold;">Cc:</span></b> Entropy Key Support <<a href="mailto:ekey@simtec.co.uk">ekey@simtec.co.uk</a>><br><b><span style="font-weight: bold;">Sent:</span></b> Sunday, November 13, 2011 6:02 AM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: Difference in output streams.<br></font><br>
On Sat, Nov 12, 2011 at 04:07:48PM -0800, Bryan Duffy wrote:<br>> Have the Entropy Key installed and working on Ubuntu 11.10 with no apparent problems. Question about the<br>> output from the various data streams available on the device sockets.<br>> <br>> In Linux without an entropy key /dev/random is "blocked" and released in chunks from the entropy pool as entropy is available and /dev/urandom is not blocked and is a basically a PRNG that is rekeyed (not sure how often) from the entropy pool.<br>> <br>> With the Entropy Key I notice there are 4 data streams:<br>> 1. The new /dev/tty???? has encrypted/armoured data from the key to the entropyd,<br>> 2. /dev/random seems to function the same as before, but much faster due to the Entropy Key,<br>> 3. /dev/urandom seems to function from a PRNG as before, but I would assume it is getting rekeyed much more frequently, so the data should be of a better quality (is that a fair
assumption?).<br>> 4. /dev/hwrng which is producing data at about 4 times as fast as /dev/random.<br><br>The TTY is simply the communications channel; a lot more goes over it<br>than just entropy: has authentication and status information, etc.<br><br>Both /dev/random and /dev/urandom share the same "pool". The difference<br>is that /random blocks when that pool reaches a low watermark, and<br>/urandom remixes what it already has when the pool reaches that<br>watermark. This means that if the pool has enough data in it, both<br>device node provide real, true entropy. With an entropy key, this means<br>that /urandom almost always provides this.<br><br>/hwrng is a hang-over from kernel-based RNG hardware drivers that don't<br>inject into the pool that /random and /urandom use. Its performance<br>varies depending on what hardware you have, and the quality of the<br>output will be unknown due to none of the careful mixing
and management<br>that the pools for /random and /urandom perhaps not taking place.<br><br>> What are the entropy qualities of these devices with Entropy Key installed?<br><br>/random and /urandom are very high quality regardless of the source of<br>entropy that are fed to them. The Entropy Key simply makes sure they're<br>constantly fed with good data to start with, which helps /random not to<br>block and /urandom to be a real RNG most of the time.<br><br>> Which ones are truly random and which are rapidly keyed PRNGs?<br><br>/urandom is the only "PRNG", and it is only a PRNG when the pool is low<br>on entropy (see the contents of /proc/sys/kernel/random/entropy_avail; I<br>believe the default low watermark for when urandom becomes a PRNG is<br>128.). Otherwise, both /random and /urandom produce real random<br>numbers. I don't believe any rekeying happens there as such: my<br>understanding of its inner workings is that it
essentially becomes a<br>stream cipher using the data already passed through it as the key.<br><br>> Is /dev/hwrng direct output from the entropy key (after decrypting) or does it get modified by the kernel in some other way (mixed/rehashed)?<br><br>/dev/hwrng has nothing to do with the Entropy Key. If you want direct<br>output from the Entropy Key, you can configure ekeyd to dump the output<br>to file or configure it to run in EGD server mode and write a small<br>client to request data from it. See the configuration file in<br>/etc/entropykey/<br><br>> Lastly, why (maybe it's just my machine) does the /dev/hwrng output data about 4 times as fast as /dev/random if they are both being supplied by the same source of purely random data? Shouldn't they be similar is rate.<br><br>As I said above, it's probably that they're not related at all; they're<br>two totally different systems. /hwrng may be being provided by a
system<br>(such as a TPM, or other on-board device) that is not being as thorough<br>in their paranoia or security as the Entropy Key or /random. It's also<br>possible that the hardware that is feeding /dev/hwrng is faster: the<br>Entropy Key is engineered with absolute performance as a concern that<br>comes after security/correctness and price point.<br><br>> I was hoping that someone could comment on these questions, and whether or not /dev/hwrng is suitable for cryptographic keys or should I stick with /dev/random?<br><br>I would stick with /random, as it is a known quantity and very difficult<br>to get bad results out of it, even if you wrote a program that<br>constantly shoved zeros into it. If it is not fast enough for your<br>needs and you have no idea what is feeding /hwrng or its quality, then<br>use /random to frequently rekey a good crytographic PRNG.<br><br>-- <br>Rob Kendrick, Support Team Lead
Simtec Electronics<br>Telephone: +44 (0)1772 978013 Avondale Drive, Tarleton<br>Fax: +44 (0)1772 816426 Preston, Lancs, PR4 6AX, UK<br><a href="http://www.simtec.co.uk/">http://www.simtec.co.uk/</a> mailto:<a ymailto="mailto:rjek@simtec.co.uk" href="mailto:rjek@simtec.co.uk"><a href="mailto:rjek@simtec.co.uk">rjek@simtec.co.uk</a></a><br><br>_______________________________________________<br>EntropyKey-users mailing list<br><a ymailto="mailto:EntropyKey-users@lists.simtec.co.uk" href="mailto:EntropyKey-users@lists.simtec.co.uk"><a href="mailto:EntropyKey-users@lists.simtec.co.uk">EntropyKey-users@lists.simtec.co.uk</a></a><br><a href="http://lists.simtec.co.uk/cgi-bin/mailman/listinfo/entropykey-users">http://lists.simtec.co.uk/cgi-bin/mailman/listinfo/entropykey-users</a><br><br><br></div></div></div></div></blockquote></body></html>