Linux and entropy


From Docunext Tech Stuff


Randomness

Randomness is needed for good security: keys, nonces, session identifiers and protocol handshakes all draw on it. The Linux kernel collects its entropy from the timing of disk activity, mouse movements and keyboard activity. On a headless embedded system there is none of that, so the pool starts nearly empty and fills slowly. I use rng-tools (rngd) to add randomness, even on systems without a hardware RNG device.

Some network interface drivers register their interrupt handler with the IRQF_SAMPLE_RANDOM flag, which tells the kernel to mix the timing of each interrupt into the entropy pool. (*) In case that reference link goes away, here is some of what it says (a cross-reference listing of IRQF_SAMPLE_RANDOM in the 2.6-era kernel source):

IRQF_SAMPLE_RANDOM
Defined as a preprocessor macro in:

    * linux/include/linux/interrupt.h, line 49 

Referenced (in 22 files total) in:

    * linux/arch/arm/mach-pxa/lubbock.c, line 427
    * linux/include/linux/interrupt.h:
          o line 49
          o line 61 
    * linux/kernel/irq/handle.c, line 148
    * linux/kernel/irq/manage.c, line 273
    * linux/drivers/usb/gadget/omap_udc.c:
          o line 3007
          o line 3016 
    * linux/drivers/usb/gadget/pxa2xx_udc.c:
          o line 2586
          o line 2597
          o line 2614 
    * linux/drivers/input/keyboard/gpio_keys.c, line 79
    * linux/drivers/serial/mpc52xx_uart.c, line 229
    * linux/drivers/serial/uartlite.c, line 199
    * linux/drivers/net/3c527.c, line 438
    * linux/drivers/net/ixgb/ixgb_main.c, line 267
    * linux/drivers/net/macb.c, line 1062
    * linux/drivers/net/ibmlana.c, line 785
    * linux/drivers/net/3c523.c, line 292
    * linux/drivers/net/netxen/netxen_nic_main.c, line 624
    * linux/drivers/net/atl1/atl1_main.c, line 1764
    * linux/drivers/net/tg3.c:
          o line 6889
          o line 6894
          o line 6912 
    * linux/drivers/net/cris/eth_v10.c, line 675
    * linux/drivers/net/mv643xx_eth.c, line 797
    * linux/drivers/net/qla3xxx.c, line 3382
    * linux/drivers/i2c/chips/isp1301_omap.c, line 1581
    * linux/drivers/i2c/chips/tps65010.c, line 528 

I was looking for IRQF_SAMPLE_RANDOM thanks to this page (on KernelTrap) which describes the process of adding network activity to the kernel's entropy pool.

I followed those guidelines to add NIC activity to the IRQs that are used to gather entropy, for the sis900 driver, and it worked. NOTE: packet arrival over the internet is not only observable by an eavesdropper, it is driven by whoever sends the packets, so the interrupt timing is partly under an outsider's influence and is not the best source of random data; it is better than nothing in my humble opinion, as long as the kernel does not credit it with as much entropy as a true hardware source. The predictability of the network activity decreases drastically over local private networks, but I'm not so sure about VPNs (the timing of tunnelled packets is still visible on the outer network even though their contents are not). In situations where I need lots of random data, I use a hardware random number generator.

I just did the same for the eepro100.c, 3c59x.c, sky2.c, and natsemi.c drivers too. It's pretty easy: I search for "IRQF", make sure the line looks like the request_irq() call described on KernelTrap, then add " | IRQF_SAMPLE_RANDOM" after IRQF_SHARED. Note that the flag only exists on older kernels: it was removed in Linux 3.6, where the kernel started mixing the timing of every interrupt into the pool itself (add_interrupt_randomness()) with a far more conservative entropy credit, so on a current kernel there is nothing to patch.
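The driver edit described above, as an added example that is not part of the original page or of any kernel driver: a small POSIX shell script that first checks whether a kernel tree still defines IRQF_SAMPLE_RANDOM (so it is not applied to a 3.6 or later tree) and then adds the flag to single-line request_irq() calls that pass IRQF_SHARED, skipping lines that already carry it. The tree path and the sis900-style sample line used to exercise it are constructed here; multi-line request_irq() calls are not handled and must be edited by hand.

```shell
#!/bin/sh
# Added example, not code from the page or from the kernel tree.
# Usage: add_sample_random drivers/net/sis900.c   (on a copy of an old tree)
set -eu

# Does this kernel tree still define IRQF_SAMPLE_RANDOM? It was removed in
# Linux 3.6, so on newer trees there is nothing to add and the edit would
# not even compile. $1 = path to the top of the kernel source tree.
tree_defines_sample_random() {
    grep -q 'define[[:space:]]*IRQF_SAMPLE_RANDOM' "$1/include/linux/interrupt.h"
}

# Add " | IRQF_SAMPLE_RANDOM" after IRQF_SHARED on request_irq() lines that
# do not already carry the flag. Only single-line calls are matched, and the
# edit is idempotent: running it twice adds the flag once. A .orig backup
# of the file is kept beside it.
add_sample_random() {
    f="$1"
    sed -i.orig \
        '/request_irq/{/IRQF_SAMPLE_RANDOM/!s/IRQF_SHARED/IRQF_SHARED | IRQF_SAMPLE_RANDOM/;}' \
        "$f"
}

# How many request_irq() lines in a file feed their interrupt timing to the
# entropy pool. Prints 0 (rather than failing) when there are none.
count_sampling_irqs() {
    grep -c 'request_irq.*IRQF_SAMPLE_RANDOM' "$1" || true
}
```

Run tree_defines_sample_random first and only patch when it succeeds; a driver patched with a flag the tree no longer defines simply fails to build.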

Combined with using rng-tools to harvest and test randomness, I feel good about the quality of the randomness. One caveat about the source: pointing rngd at /dev/urandom (rngd -r /dev/urandom) is circular. /dev/urandom is generated from the same kernel pool that rngd writes back into, so nothing new enters the pool; rngd's FIPS tests pass because the output of a good PRNG looks random, not because it is unpredictable, and the only effect is that the entropy counter rises and /dev/random stops blocking. Feed rngd from something the kernel cannot already see, such as a hardware RNG or an external collector. With rng-tools, you can also set a limit to the amount of randomness it contributes to the kernel: the fill watermark (-W) is the pool level rngd tops up to and then stops.

Using RNG-Tools to feed randomness

I use rng-tools with random data piped to its standard input to add entropy and randomness to the kernel. When running ttylinux, I found there was no /dev/stdin. I checked my Debian machine and found this file (Debian's udev ships it as /etc/udev/links.conf):

vim udev/links.conf 

# This file does not exist. Please do not ask the debian maintainer about it.
# You may use it to do strange and wonderful things, at your risk.

L fd    /proc/self/fd
L stdin   /proc/self/fd/0
L stdout  /proc/self/fd/1
L stderr  /proc/self/fd/2
L core    /proc/kcore
L sndstat /proc/asound/oss/sndstat

D pts
D shm

M null    c   1 3
M console c   5 1

# Hic sunt leones.
M ppp   c 108 0
D loop
M loop/0  b   7 0
D net
M net/tun c  10 200

Pretty funny, no? The format is simple: an L line makes a symlink (name, then target), a D line makes a directory, and an M line makes a device node with its type, major and minor numbers. Anyway, I'm trying to create those links on the ttylinux machine so I can add randomness.
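The two pieces above put together, as an added example that is not part of the original page or of rng-tools: recreate the /dev/stdin family of links that the L lines of links.conf describe, on a system such as ttylinux that lacks them, then feed an external entropy source to the kernel through rngd reading its standard input, with the fill watermark from the rng-tools section bounding how far the pool is topped up. The device directory is a parameter so the link creation can be exercised in a scratch directory before touching /dev; the rngd invocation itself needs root and a real source and is not exercised here.

```shell
#!/bin/sh
# Added example, not code from the page, from Debian's udev or from rng-tools.
# Usage (as root): make_fd_links; some_source | feed_rngd_from_stdin 2048
set -eu

# $1 = link target, $2 = link path. Leaves an existing file or link alone,
# checking -L as well as -e so a dangling link (no /proc yet) is not re-made.
link_if_absent() {
    if [ ! -e "$2" ] && [ ! -L "$2" ]; then
        ln -s "$1" "$2"
    fi
}

# Create fd, stdin, stdout and stderr exactly as the links.conf lines
# "L fd /proc/self/fd", "L stdin /proc/self/fd/0", ... describe.
# $1 = device directory, default /dev.
make_fd_links() {
    devdir="${1:-/dev}"
    link_if_absent /proc/self/fd   "$devdir/fd"
    link_if_absent /proc/self/fd/0 "$devdir/stdin"
    link_if_absent /proc/self/fd/1 "$devdir/stdout"
    link_if_absent /proc/self/fd/2 "$devdir/stderr"
}

# Current kernel entropy estimate in bits, the value rngd's watermark is
# measured against. Prints -1 where the proc file is not available.
entropy_avail() {
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        cat /proc/sys/kernel/random/entropy_avail
    else
        echo -1
    fi
}

# Feed rngd from whatever is piped into this function. The source must be
# something the kernel cannot already see (a hardware RNG, a serial noise
# source, an external collector); piping /dev/urandom in here only credits
# entropy the kernel never had. -W is the fill watermark in bits, the pool
# level rngd tops up to and then stops; -s is bytes written per step.
# Needs root and rngd; not run by the test.
feed_rngd_from_stdin() {
    watermark="${1:-2048}"
    rngd -f -r /dev/stdin -o /dev/random -W "$watermark" -s 64
}
```

Check entropy_avail before and after starting rngd: with a genuine source it should climb towards the watermark and stay there, and with /dev/urandom as the source it climbs just as happily, which is exactly why the counter alone proves nothing about the quality of what went in.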
