mail at robertoragusa.it
Sun Aug 22 15:46:38 UTC 2010
Wolfgang S. Rupprecht wrote:
> Is there an approved way to increase the speed at which the random pool
> for /dev/random fills up? I'm playig with dnssec and getnerating 2k rsa
> keys is taking up to 3 hours. I've been googling a bit and Intel x86_64
> machines seem to have random number hardware built in (perhaps also
> AMD???) Is there a way to funnel this into the entropy pool?
You need two things:
1) an entropy source
2) a program to feed entropy to the kernel
As for 1) there are hardware generators based on physical phenomenons
(from electronic noise to nuclear decay). I would suggest you to use
an audio input sampling some noise (fan noise). The ambient noise
in addition to the electrical noise will be a good entropy source
if you sample at 48000Hz/16bits. Another opportunity is a webcam
(pointed to a fan, blinking LEDs, or a window with wind moving leaves
and clouds...) or an analogic TV acquisition board (not tuned).
If you take this data and write it into /dev/random, the entropy pool
gets cryptographically messed up.
But the entropy count will not go up.
You need a tool issuing a specific ioctl to do that.
Maybe it already exists, if not, it should be just a few lines of C.
Be very conservative with your entropy count (for example: for 1 second
of audio, just add 100 bits). I just did a quick test with ambient noise
and gzip is almost unable to compress down what I've sampled. That is a
sign that there is a good quantity of entropy.
Even at these paranoia levels, you will cut down the 3 hours a lot.
Roberto Ragusa mail at robertoragusa.it
More information about the users