Random numbers

Kent Borg kentborg at borg.org
Thu Nov 4 18:51:29 UTC 2010


Sandy Harris wrote:
>> I don't know how well that is going to work out on highly tailored
>> servers that have no sound chip at all.  Not even on-board speakers.
>>     
>
> And no chipset RNG either? And no spare slot for a sound
> card? Or USB for a USB sound device?
>
> In that case, I guess you're toasted, but I think it might
> be a fairly rare case.
>   

Not toast by a long shot.  Use the default. 

/dev/urandom is getting lots of entropy from the network card.  The 
exact value of the timestamp counter (TSC) when it is read by the 
interrupt service routine has entropy in the lowest order bits.  That is 
real.  It will stir the entropy pool.  You are good-to-go for most 
purposes.  (Now start worrying about how secure your computer is in 
general.)

Unless you have some very special requirements.  (What?) 


If one really wants some extra entropy from a real source, there are 
other sources.  For example, can you use the sensors system to read your 
fan RPMs?  If so, you can set up a process that reads all the fan speeds 
once a second, and write that into /dev/urandom.

Sure, the fan speeds are not completely secret, but the *exact* speed at 
any moment is going to be a little unpredictable.  And when someone 
opens or closes a door or even walks by, the speed might change a little 
more.  Use that to mix the entropy pool and a little bit of real 
randomness will be added.  Heck, might as well feed in all of the 
temperatures and voltages you can read for your chipset, for they are 
not rock solid and someone at a distance isn't going to know the details of the 
changes--and that makes those changes a source of entropy.  Heck, if you 
want to scoop up every little bit of entropy in your box, look at 
smartctl output; disk temperature and error statistics are also 
something that will have some variation over time and will not be 
readily known from the outside.

But mostly, the ethernet interface is going to be a fine source of 
entropy, unless you have some special circumstances.  And SHA-1 is a 
great way to produce really nice random data, even if you are entropy 
starved.


-kb


P.S.  More on why ethernet is good: Remember, the TSC is counting the 
2-something GHz system clock.  That clock was multiplied up from a much 
lower frequency clock, using analog circuitry--there will be some jitter 
in that, but mostly, 2-something GHz is damn fast.  At 2 GHz a couple 
inches is a long way--at half the speed of light (optimistic guess for 
electrical signals running through a circuit board), 1 tick of the 
system clock is enough time for news of the tick to travel only about 
75mm.  Your ethernet jack is farther than that from the CPU.  (The 
diameter of the CPU chip itself is a reasonable fraction of that distance!)  
A packet arrives at the ethernet jack--what is the TSC value?  Well, 
whatever it is, it doesn't matter, the ethernet card needs to process 
the packet first.  What is the TSC value when the ethernet card sends 
its interrupt?  Again, it doesn't matter.  What is the TSC value when 
the interrupt signal reaches the CPU?  It still doesn't matter.  What is 
the TSC value when the CPU decides to process the interrupt?  Even this 
doesn't matter.  The only thing that matters is the TSC value when the 
interrupt routine reads the TSC, and only the interrupt routine knows 
the value of the TSC when it reads the TSC.  That makes the lowest bit 
(or more) an entropy source.  That will be used to mix your entropy 
pool, the more entropy in the TSC-value, the more thorough the mixing.  
Far from toast.
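
The once-a-second sensor feeder described in the message, as an added example that is not part of the original post: it reads fan, temperature and voltage files and writes a digest of them to /dev/urandom. The Linux hwmon sysfs paths, the function names and the SHA-256 condensing step are assumptions made for this example; a plain write like this stirs the pool but does not raise the kernel's entropy estimate.

```python
"""Mix hardware-sensor readings into the kernel entropy pool once a second."""
import glob
import hashlib
import os
import time

HWMON_GLOB = "/sys/class/hwmon/hwmon*"  # assumption: Linux hwmon sysfs layout
PATTERNS = ("fan*_input", "temp*_input", "in*_input")  # RPM, temperature, voltage


def read_sensors(roots):
    """Return (path, raw bytes) pairs for every readable sensor file."""
    readings = []
    for root in roots:
        for pattern in PATTERNS:
            for path in sorted(glob.glob(os.path.join(root, pattern))):
                try:
                    with open(path, "rb") as f:
                        readings.append((path, f.read().strip()))
                except OSError:
                    continue  # sensor vanished or the driver returned an error
    return readings


def make_sample(readings, now_ns):
    """Condense one round of readings plus a nanosecond timestamp to 32 bytes."""
    h = hashlib.sha256()
    h.update(now_ns.to_bytes(8, "little"))
    for path, value in readings:
        h.update(path.encode() + b"=" + value + b"\n")
    return h.digest()


def mix(sample, device="/dev/urandom"):
    """Write the sample to the pool device; returns the number of bytes written."""
    with open(device, "wb", buffering=0) as f:
        return f.write(sample)


def main(interval=1.0):
    while True:
        readings = read_sensors(glob.glob(HWMON_GLOB))
        if readings:  # a box with no hwmon sensors simply contributes nothing
            mix(make_sample(readings, time.time_ns()))
        time.sleep(interval)


if __name__ == "__main__":
    main()
```
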





More information about the ubuntu-users mailing list