back to index

Entropy Factory

Introduction

For VPNs, SSL, PKI, and encryption in general, a source of strongly random numbers is required. Algorithm-based generators are generally deemed unreliable and attackable, having natural tendency to generate predictable sequences, weakening the randomness they produce, weakening the cipher suite depending on them.

Better sources are based on hardware. Then a thermal noise is used as the entropy source, or the noise of Zener junction.

Hardware

On most contemporary computer motherboards a soundcard is integrated. This often includes the boards for lower- and middle-grade servers, where the chance someone will sit nearby and listen to music is nil. Such machine sits in its shoebox in a colocation facility and the soundcard chip is wasted there, posing a free resource waiting for its use.

So we have a board with an analog input, and a need to supply the software with random numbers. Situation begging for a hardware generator of audio noise.

Numerous schematics exist. I picked the simplest one I found, with three transistors and few passive parts. For the pics of the prototype, check the photographs.

The construction is optimized for being powered from 12V taken from a hard drive power supply connector, feeding noise to the CD-Audio input of the system board. The audio cable cannibalized from between the board and the CDROM unit came up handy for this connection - nobody will ever use a CDROM drive of the server to listen to music, so this gives us another free part.

The resulting noise quality is rather poor, with measured entropy of only 5-6 bits per byte. Software postprocessing is required if we want a cryptography-grade noise.

Software

The software postprocessing is simple. Read a block of 128 bytes from the audio source (eg, /dev/dsp, or /dev/dsprandom (which is a symlink to the audio input device which serves as our noise source). Check the block if there is a signal present, preventing the blunders like fallen-off cable or forgotten device or wrong setting of audiocard mixer. Hash the block of data read with MD5. Take the resulting output and either feed it to an output file (if we want to generate eg. an one-time pad), or to /dev/random (if we want it to continually feed the entropy pool).

The experimental implementation of the one-time pad generator is here: makernd.c.

The software can produce 10-20,000 bits of pure whitened entropy per second, which should be enough for a common-grade smaller-scale server machine. (Machines with larger-scale requirements shouldn't be likely to rely on a limited-performance $2 device anyway.)

Support software

Ent, the Entropy Tester. Download here.
FIPS-140, the standard tester of input entropy level. Download here.

(Note: this hardware generator without preprocessing consistently fails this test. Whitened data pass without loss of a point, though.)
Stan, STream ANalyzer, another entropy tester. Gives nice output. Download here.

Audio Entropy Daemon, for feeding /dev/random

from /dev/dsp. Possibly useful together with the Entropy Factory generator.

Restrictions

None at all. Everyone has the same right to pursue happiness and security, regardless of nationality and geopolitical situation (which changes too fast to keep track of anyway).


If you have any comments or questions about the topic, please let me know here:
Your name:
Your email:
Spambait
Leave this empty!
Only spambots enter stuff here.
Feedback: