
Veldkornet

Senior Member
Hey guys,

I was wondering what everyone's thoughts were around the router's default entropy levels?
While I understand that my home router is not exactly an enterprise web server or anything, would it not be better to have better entropy on the router? Even if it's just for the SSH keys etc.?

Out of interest, I was watching the entropy with the below:
Code:
watch -n 1 cat /proc/sys/kernel/random/entropy_avail

I noticed that it constantly hovered around 130-180. Usually it's advised to keep this above 200, although personally I think that even that's a bit low and usually keep my devices in the high 1000's at minimum.

For those who don't know, entropy is like a pool of random numbers (/dev/random) that are mainly used in cryptography. A lack of entropy can have a negative impact on performance and security.

I'm not sure if there is a hardware module available on the router for this, but usually an easy way is to just use something like haveged or rng-tools (i.e. rngd), to keep the pool in healthy levels by just setting the service to read from /dev/urandom and writing to /dev/random.

I've done something similar to the above to fix the entropy on my RaspberryPi's as well:
(screenshot attached: Screen Shot 2016-10-01 at 11.03.40.png)


*Edit, I see rng-tools is already available in OpenWRT and entware, so I've put in a request at entware-ng. On my OpenWRT router the entropy is now close to 4000 constantly with the below config (which was default), much better :)

Code:
#!/bin/sh /etc/rc.common
# Copyright (C) 2011-2014 OpenWrt.org

START=98

RNGD_INTERVAL=30
RNGD_AMOUNT=4000
RNGD_DEVICE="/dev/urandom"

start() {
        service_start /sbin/rngd -r $RNGD_DEVICE -W $RNGD_AMOUNT
}

stop() {
        service_stop /sbin/rngd
}
 
@Veldkornet,

Did you ever get the Entware-NG version of rng-tools working on Asuswrt-Merlin ?

How do you script it to start?
 
Well, I requested that it be added to entware-ng, which eventually did happen.

But before it was added, I moved from Asuswrt to pfSense; so I never tested it.

I would imagine that the service script works the same as all the others though?


 
For those who don't know, entropy is like a pool of random numbers (/dev/random) that are mainly used in cryptography. A lack of entropy can have a negative impact on performance and security.

The depth of the entropy pool can impact performance, as code that drinks from the pool may be blocked if this pool is drained... has no impact on security in and of itself, as the kernel's RNG is very good at what it does...

There's some concern amongst crypto folks that haveged and rng-tools, while they keep the pool full, may be generating numbers that are not random enough... conversely, these do pass certain tests to ensure that they're random enough for government tests...

The rng-tools package - as long as it's configured correctly, I think it's more than good enough - and with a chipset that has hardware RNG blocks, that's good.

Haveged - same here, except it doesn't have dependency on a dedicated hw RNG, so it can be very helpful.

The key thing here - is configure them properly - the ArchLinux WiKi has some good tips here...

But for code that uses the /dev/random and /dev/urandom - as long as the pool is full enough - exim, which is a secure mail transport agent, similar to sendmail, had a real problem with entropy...

Believe it or not, the pool is more than just encryption/authentication - certain versions of linux (like pretty much every current version/distro) use that pool to randomize memory space, so the pool running out (or low) can impact performance, like I mentioned above.
 
From the command-line ...
Code:
/opt/sbin/rngd --no-tpm=1 -o /dev/random
... results in ...
Code:
can't open any entropy source
Maybe RNG device modules are not loaded
According to "https://wiki.archlinux.org/index.php/Rng-tools", there is supposed to be a /etc/conf.d/rngd configuration file. Using the Entware-NG package on Asuswrt-Merlin, does this file exist ? Or is RNGD supposed to be started from the command-line ?

What should the "-r" syntax be?
 
According to "https://wiki.archlinux.org/index.php/Rng-tools", there is supposed to be a /etc/conf.d/rngd configuration file. Using the Entware-NG package on Asuswrt-Merlin, does this file exist ? Or is RNGD supposed to be started from the command-line ?

Sounds like a mapping issue with Optware... linux kernel is going to put some kind of output to some place...

On most linux boxes - cat /dev/random
 
But for code that uses the /dev/random and /dev/urandom - as long as the pool is full enough ...

Believe it or not, the pool is more than just encryption/authentication - certain versions of linux (like pretty much every current version/distro) use that pool to randomize memory space...

Old ones support some incarnation of this sort too. Even the kernel in ASUSWRT does.

Anyway, I think it's pointless to use rng-tool to source from /dev/urandom and feed into /dev/random. As I mentioned in another thread before, applications will make use of /dev/urandom automatically in almost all situations.
 
Thanks for the links; I hope those ones can ship to Russia.
Believe it or not, the pool is more than just encryption/authentication - certain versions of linux (like pretty much every current version/distro) use that pool to randomize memory space, so the pool running out (or low) can impact performance, like I mentioned above.
There was a funny story with one famous vendor last year that wasn't covered by the mass media. The f/w devs made an application for routers where /dev/urandom was used to make access tokens. Some users complained that they could control other devices in rare cases. The reason was a lack of a true RNG and a real-time clock on home routers: when it boots, you can catch the same (predictable) numbers from /dev/random as long as it's still calculated from the current time.
 
PS: Just wondering: are there any open online sources of true RNG sequences that I can trust, or is that a bad idea?
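The failure mode in the story above, modelled as an added example that is neither the vendor's code nor from this thread: a token drawn from a PRNG seeded with a clock value that an attacker can bracket (a boot time without a real-time clock) is recoverable by trying every seed in that window. awk's srand()/rand() stands in for the weak generator, and the 8-hex-digit token format and the size of the seed window are assumptions made for the illustration; the hardened variant just reads the token from the kernel's CSPRNG.

```shell
#!/bin/sh
# Added example (not from the thread, not the vendor's code): a token derived
# from a PRNG seeded with a predictable clock value, and an attacker recovering
# the seed by brute force over the plausible window.
# awk srand()/rand() models the weak generator; the token format is assumed.

# "Firmware" token generator: 8 hex digits from a PRNG seeded with a clock value.
# The same seed always yields the same token.
weak_token() {
    awk -v seed="$1" 'BEGIN { srand(seed); printf "%08x\n", int(rand() * 2147483648) }'
}

# Attacker: knows roughly when the device booted (start) and how far off that
# guess may be (width), and that the token is derived as above.
# Prints the matching seed and returns 0, or returns 1 if none in the window.
recover_seed() {
    token="$1"; start="$2"; width="$3"
    s="$start"
    end=$((start + width))
    while [ "$s" -le "$end" ]; do
        if [ "$(weak_token "$s")" = "$token" ]; then
            echo "$s"
            return 0
        fi
        s=$((s + 1))
    done
    return 1
}

# Hardened generator: take the 32 bits straight from the kernel CSPRNG.
# On a router without a hardware RNG the kernel pool must still have been
# seeded with something unpredictable for this to help; that is the real fix.
strong_token() {
    od -An -N4 -tx1 /dev/urandom | tr -d ' \n'
}

# Usage: generate a token "at boot", then recover it from a 10-minute window.
if [ "${1:-}" = "demo" ]; then
    boot=1475312620                       # constructed boot time (epoch seconds)
    tok=$(weak_token "$boot")
    echo "weak token: $tok"
    if seed=$(recover_seed "$tok" $((boot - 300)) 600); then
        echo "attacker recovered seed $seed -> token $(weak_token "$seed")"
    fi
    echo "strong token: $(strong_token)"
fi
```

The brute force costs one awk invocation per candidate seed, so a few hundred thousand candidates (days of boot-time uncertainty) are still cheap; the defence is not a wider window but a seed the attacker cannot enumerate.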
 
I can see the difference.
The test was too slow without rng, so I canceled it.
Is it good for what?
 
Attachments: No rng.png, rng.png
There was a funny story with one famous vendor last year that wasn't covered by the mass media. The f/w devs made an application for routers where /dev/urandom was used to make access tokens. Some users complained that they could control other devices in rare cases. The reason was a lack of a true RNG and a real-time clock on home routers: when it boots, you can catch the same (predictable) numbers from /dev/random as long as it's still calculated from the current time.

Remember the Debian SSL bug from 2008? - https://www.debian.org/security/2008/dsa-1571
 
/dev/urandom

Check my first post where I had an example of the service script. Doesn't it work the same in asuswrt?



@Veldkornet,

From the ArchLinux wiki at "https://wiki.archlinux.org/index.php/Rng-tools".
Code:
Warning: Some tutorials available on the Internet, and even early versions of the rng-tools package, recommend the following line for systems without a TRNG:
RNGD_OPTS="-o /dev/random -r /dev/urandom"
Of course, this is a really bad idea, since you are simply filling the kernel entropy pool with entropy coming from the kernel itself!
 
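As an added example (not from this thread, and not part of rng-tools or OpenWrt), a small POSIX sh helper that does what the first post does by hand: it reads the pool depth, reports whether the kernel has a hardware RNG driver bound, and only proposes an rngd source when that driver exists, so it never produces the `-r /dev/urandom` configuration the Arch wiki warning quoted above describes. The /proc and /sys paths are the standard Linux ones and /dev/hwrng is the standard node for the kernel's hw_random framework; the optional ROOT argument exists only so the functions can be pointed at a fake tree, and `rngd_source_is_kernel` just pattern-matches an rngd command line.

```shell
#!/bin/sh
# Added example (not from the thread, not rng-tools/OpenWrt code): inspect the
# kernel entropy pool and decide whether rngd has a real source to feed it from.
# Every function takes an optional ROOT prefix so it can be run against a fake
# /proc and /sys tree; with no argument it reads the live system.

# Current pool depth in bits as the kernel reports it (0 if unreadable).
entropy_avail() {
    root="${1:-}"
    cat "$root/proc/sys/kernel/random/entropy_avail" 2>/dev/null || echo 0
}

# Name of the hardware RNG driver currently bound, or empty (return 1) if the
# kernel has none; "none" is what the hw_random core reports in that case.
hwrng_current() {
    root="${1:-}"
    f="$root/sys/class/misc/hw_random/rng_current"
    [ -r "$f" ] || { echo ""; return 1; }
    cur=$(cat "$f")
    case "$cur" in
        ""|none) echo ""; return 1 ;;
        *) echo "$cur"; return 0 ;;
    esac
}

# Pick an rngd input device. Only a hardware RNG qualifies: reading /dev/urandom
# and writing it to /dev/random raises entropy_avail without adding anything the
# kernel did not already have, so without a driver we print nothing and fail.
pick_rngd_source() {
    root="${1:-}"
    hwrng_current "$root" >/dev/null || return 1
    echo "$root/dev/hwrng"
}

# Does an existing rngd command line source from the kernel's own pool?
rngd_source_is_kernel() {
    case "$1" in
        *"-r /dev/urandom"*|*"-r /dev/random"*|*"--rng-device=/dev/urandom"*|*"--rng-device=/dev/random"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Human-readable summary; returns 0 when an rngd line is worth running.
report() {
    root="${1:-}"
    echo "entropy_avail: $(entropy_avail "$root") bits"
    if src=$(pick_rngd_source "$root"); then
        echo "hardware RNG '$(hwrng_current "$root")' bound: rngd -r $src -o /dev/random is a sensible configuration"
        return 0
    fi
    echo "no hardware RNG driver bound: do not run rngd -r /dev/urandom -o /dev/random"
    return 1
}

[ "${1:-}" = "report" ] && report "${2:-}"
```

On a stock Asuswrt kernel the sysfs file may simply not exist, which the helper treats the same as "none": the pool can still be watched, but there is nothing trustworthy for rngd to pump into it.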