Re: Adding entropy from external source into random number generator - how?
Date: Sun, 27 Mar 2022 02:16:17 UTC
On 3/26/22, freebsd-lists@sensation.net.au <freebsd-lists@sensation.net.au> wrote:
> I think the best way to do it would be to call random_harvest_queue(...),
> but what do I use as the source enum (see /usr/include/sys/random.h)?
> ENTROPYSOURCE, I guess?

Try searching for use of that function in the source,
and maybe look into how RNG cards attach even in /dev...

random(4)
random_harvest(9)
random_fortuna
kern.random.harvest.mask_symbolic
crypto(4) crypto(9)
rndtest(4)

> I believe it's also possible to open /dev/random for write to inject entropy
> but I cannot find any mention of that scenario in the man pages.

Using serial port as entropy source (either as interrupt and/or data),
even USB video audio radios environmentals, might already have a
handbook or wiki page, if not then interested users could make one.

If injecting that data isn't in random(4), a script example of that is in...
/etc/rc.d/random
Along with some entropy file parts mentioned in...
loader.conf(5)
rc.conf(5)
The choice of 4096 bytes should be documented.

Search also ports for RNG things.

> whether ~45 kilobytes per second of
> additional entropy is even useful in a typical situation?

CSPRNGs often try not to break no matter how much output is read,
accept a bit-equivalent amount of random seed (i.e. 256 bits),
and are speed limited only by CPU system.

If doing only this: "HWRNG_stream XOR plaintext_stream",
then in that case you could only get ~45kB/s throughput.

> All entropy is good entropy, right?

At least one source must be good.
Having more good sources monitored and feeding into things
can serve as redundant coverage.

Search: Claude Shannon, one time pad, XOR, CSPRNG, HWRNG,
applications such as casinos bitcoin key generation fobs,
fun sources to collect, etc.
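
As an added example (not part of the original message and not FreeBSD's own script), these shell functions feed an external source into the random device by writing 4096-byte blocks, the approach the reply points to in /etc/rc.d/random. The source path /dev/cuaU0, the function names and the coarse 16-distinct-values check for a stuck source are assumptions made for illustration; the check is a sanity test, not an entropy estimate.

```shell
#!/bin/sh
# Added example: bounded feed of an external source into the random device.
BLOCK=4096   # block size, matching the 4096 bytes mentioned in the reply

# sample_ok FILE: reject an empty or obviously stuck sample, e.g. a
# disconnected device that returns all zeros (assumed threshold: 16 values).
sample_ok() {
    [ -s "$1" ] || return 1
    distinct=$(od -An -v -tx1 "$1" | tr -s ' ' '\n' | sort -u | grep -c .)
    [ "$distinct" -ge 16 ]
}

# feed_entropy SRC CHUNKS [DEST]: read CHUNKS blocks of up to BLOCK bytes
# from SRC and append each accepted block to DEST (default /dev/random).
# Prints the number of bytes written; fails if nothing was accepted.
feed_entropy() {
    src=$1 chunks=$2 dest=${3:-/dev/random}
    case $chunks in ''|*[!0-9]*) echo "bad chunk count" >&2; return 1 ;; esac
    [ -r "$src" ] && [ -w "$dest" ] || { echo "cannot use $src -> $dest" >&2; return 1; }
    tmp=$(mktemp) || return 1          # mode 0600 staging file, removed below
    total=0 i=0
    exec 3<"$src"                      # one descriptor, so reads are sequential
    while [ "$i" -lt "$chunks" ]; do
        i=$((i + 1))
        dd bs="$BLOCK" count=1 <&3 >"$tmp" 2>/dev/null
        if sample_ok "$tmp"; then
            cat "$tmp" >>"$dest" && total=$((total + $(wc -c <"$tmp")))
        fi
    done
    exec 3<&-
    rm -f "$tmp"
    [ "$total" -gt 0 ] && echo "$total"
}

# Usage, as root, with a hypothetical serial-attached source:
#   feed_entropy /dev/cuaU0 8
```

A block that fails the check is dropped rather than written, so a dead source shows up as a non-zero exit status that a monitoring job can alert on.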