True RNG and GnuPG / libgcrypt

NIIBE Yutaka gniibe at fsij.org
Thu Sep 26 04:45:59 CEST 2013


On 2013-09-11 at 20:42 +0200, Matthias-Christian Ott wrote:
> On 2013-09-02 05:27, NIIBE Yutaka wrote:
> > There are two issues for me, now.
> >
> >   (1) I don't find any method to feed entropy (for /dev/random) on
> >       *BSD system
> 
> From a quick look at the FreeBSD source code of /dev/random, you can
> feed entropy into it, if it uses Yarrow. If it uses the VIA Padlock RNG
> [1], it won't work.
> 
> As far as I can tell from the source code, on illumos, OpenBSD,
> DragonFlyBSD, NetBSD and XNU you can also feed entropy into /dev/random.
> 
> On Microsoft Windows it seems you can't feed entropy into the kernel.
> But there is the EGDW [2]. On ReactOS CryptGenRandom and RtlGenRandom
> don't use a CPRNG.
> 
> Minix 3 and Haiku allow you to feed entropy into /dev/random.
> 
> Plan 9 doesn't allow writes to /dev/random and doesn't use a CPRNG for
> /dev/random.
> 
> On HP-UX you can't write to /dev/random or /dev/urandom. On AIX you can
> feed entropy into /dev/random and /dev/urandom.
> 
> If you're concerned about some other obscure POSIX-like operating
> system, I'll try my best to find some information about its /dev/random.
> But I think it safe to say that on all major operating system except
> Microsoft Windows, you can write to /dev/random and the data written is
> feed into an entropy pool of the kernel.

Thanks a lot for your research.

It was my misunderstanding that we couldn't feed entropy on *BSD.

I also did some research.

I checked Debian GNU/kFreeBSD system, and find exactly same init
script which feeds entropy from a file at start up and saves random
data at shutdown.

I checked NetBSD's init scripts and found /etc/rc.d/random_seed which
does same thing (by rndctl command).

Well, it is possible for a user of standalone NeuG RNG device to feed
its random data to kernel (of most operating system), so that GnuPG
(or other applications) can get good random data.  That's good.

For me, it will be simple and solid if we can use the output of an RNG
device directly, for key generation operation of GnuPG, given the
condition where such an RNG device has best quality.

I mean, it would be good to have an interface which allows using RNG
device directly (even if /dev/random is available).
-- 





More information about the Gnupg-devel mailing list