netrng

Differences

This shows you the differences between two versions of the page.

netrng [2015/01/31 20:52]
ben created
netrng [2015/01/31 21:05] (current)
ben
Line 1: Line 1:
 ====== Setting up the Raspberry Pi as an entropy server ====== ====== Setting up the Raspberry Pi as an entropy server ======
  
-  ​* Build the the ''​bcm2708-rng''​ kernel driver ​for support for the raspberry pi's hardware random number generator: <code lang="​bash">​+The Raspberry Pi has a hardware random number generator. Quick testing shows it can provide sufficient entropy to read from ''/​dev/​random''​ at around ''​35kB/​s''​. 
 + 
 +  ​* Build the the ''​bcm2708-rng''​ kernel driver ​(required on at least ''​raspbmc''​): <code lang="​bash">​
 sudo su - sudo su -
 apt-get install build-essential bc gcc make apt-get install build-essential bc gcc make
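Review bot: The new intro sentence quotes ''35kB/s'' for reads from ''/dev/random'' without saying where or how it was measured, while the verification step added later in this revision reports 13KB/s with netrng running; state where each figure was taken (for example on the Pi itself versus on a netrng client) so they do not read as contradictory. The rewritten bullet also still says "Build the the", and replacing the old wording with "(required on at least raspbmc)" drops the explanation that this driver is what provides support for the Pi's hardware random number generator, which is worth keeping.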
Line 20: Line 22:
 apt-get install ncurses-dev apt-get install ncurses-dev
 make menuconfig make menuconfig
 +# Enable HW_RANDOM and HW_RANDOM_BCM2708
 cp /​usr/​src/​Module.symvers . cp /​usr/​src/​Module.symvers .
 make modules SUBDIRS=drivers/​char/​hw_random/​ make modules SUBDIRS=drivers/​char/​hw_random/​
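Review bot: The comment added after "make menuconfig" names HW_RANDOM and HW_RANDOM_BCM2708 but not how to set them. The next build step shown is "make modules SUBDIRS=drivers/char/hw_random/", and an option set to built-in (Y) would not produce a loadable module from that step, so say explicitly whether these should be selected as M.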
Line 56: Line 59:
 # Set mode = client, and the server IP address # Set mode = client, and the server IP address
 sudo initctl start netrng sudo initctl start netrng
 +</​code>​
 +  * Verify it's working: <code lang="​bash">​
 +# Whenever the pool drops to 128 it should very quickly be refilled
 +watch -n 0.1 cat /​proc/​sys/​kernel/​random/​entropy_avail
 +# For extra fun, try this both with and without netrng running:
 +cat /dev/random | pv -bart > /dev/null
 +# For me this measures 13KB/s with netrng running
 +# but only small numbers of B/s rapidly dropping towards zero with netrng stopped
 </​code>​ </​code>​
  
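Review bot: The "Verify it's working" step shows that the pool refills and how fast ''/dev/random'' can be read, but a throughput number says nothing about the quality or origin of what the server sends. The comparison with netrng stopped is the part that actually demonstrates the effect, so make it a required step rather than "for extra fun", and if quality matters, test the hardware RNG output on the server side (rng-tools ships rngtest for this). Smaller points: the comment "Whenever the pool drops to 128" should say where 128 comes from, the read drains the client's pool for as long as it runs, and "cat /dev/random | pv -bart > /dev/null" can be written as "pv -bart /dev/random > /dev/null".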
Line 73: Line 84:
 WantedBy=multi-user.target WantedBy=multi-user.target
 </​code>​ </​code>​
 +
 +====== Future Improvements?​ ======
 +
 +  * Currently the random data is provided over the network in cleartext which is not ideal. Stunnel or some kind of VPN would fix that, alternatively patching the netrng source code to use an encrypted socket connection.
 +  * A puppet module to manage the installation and configuration of client/​server parts
 +
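Review bot: The first bullet under "Future Improvements?" calls cleartext transport "not ideal", which undersells it: anyone on the network path can read the bytes the client mixes into its pool, and with no authentication nothing shows they came from the intended server. This belongs as a caveat next to the client setup step, not only in a wish list. Where stunnel or a VPN is suggested, add that the client must authenticate the server, since encryption alone does not rule out a spoofed one.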
netrng.txt · Last modified: 2015/01/31 21:05 by ben