Hardware Based Randomness For Linux

True randomness can be hard to come by in the digital world. [Andy Green] is making it easier to get true entropy by using this random USB dongle. The Whirlygig uses a CPDL to gather data from a set of of oscillators. The oscillators have a constantly fluctuating frequency due to temperature changes; if they run faster they generate more heat which in turn slows them down. This, along with the variable latency associated with polling a USB device, gives great depth of randomness. The device is detected and mounted under ‘/dev/hw_random’ and can then be fed into ‘/dev/random’ using the rng-tools package. [Andy’s] done a lot of testing, both on the hardware, and on the quality of randomness. We didn’t see an option to order this but he’s got hardware and firmware repositories so that you can throw one together yourself.

[Thanks Zunk]

28 thoughts on “Hardware Based Randomness For Linux

  1. Just a tip on Unix terminology – “mounting” is something you do with a file system. This is simply a device that appears at /dev/hw_random.

    And the software package is called “rng-tools”. RNG = Random Number Generator.

    Do you guys ever proof-read?
    /nitpick

    Intersting bit of hardware. Certainly more practical than the old lava-lamps-and-a-webcam hack from SGI.

  2. @Keith

    To detect when the hardware starts failing, you can create a hardware or software watchdog to regularly calculate the Entropy of a set of random samples. Given a sufficient big set, the Entropy should be near maximum.

    So, when the Entropy goes below a certain threshold, it is guaranteed that your HW-RNG is failing.

  3. @MrX:

    Yes, exactly.

    My (not terribly well-made) point: hardware RNGs are not “plug in and use forever” devices; they require constant monitoring to ensure the quality of their output.

  4. Is there any device which is “plug in and use forever”? Of course a hardware RNG will eventually fail, just like anything else. It is no different from running occasional filesystem checks on a hard drive, you do spot checks on the system to make sure it is still working within certain tolerances.

    That said, I am not sure how this relates to the project at hand. This device certainly doesn’t claim to be perfect, much less eternally perfect.

  5. @MS3FGX Is there any device which is “plug in and use forever”?

    Yes, my dick.

    I think Keith still have a point. HW-RNGs are mostly used for security applications and on those cases the randomness of that is critical.
    Making the device check the randomness of its output and discard sets of samples who are not, would be a important security improvement IMHO.

  6. @localroger

    I would like to try isolating a micro-controller tri-state pin from the environment and put it on low-impedance mode. I wonder how random the fluctuations on the readings will be.

  7. “The problem with most hardware random number generators is failure detection. How do you know when the hardware craps out and starts generating a “less random” data stream?”

    Take an FFT of the output to see what the spectrum is. If it’s flat then all is good otherwise it’s not.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.