====== Setting up the Raspberry Pi as an entropy server ======

The Raspberry Pi has a hardware random number generator. Quick testing shows it can provide sufficient entropy to read from ''/dev/random'' at around ''35kB/s''.

  * Build the ''bcm2708-rng'' kernel driver (required on at least ''raspbmc''):

<code bash>
sudo su -
apt-get install build-essential bc gcc make
cd /tmp
wget http://www.mirrorservice.org/sites/raspbmc.com/downloads/bin/kernel/linux-headers-latest.deb.gz
mkdir x
dpkg-deb -x linux-headers-latest.deb.gz x
mv -v x/usr/src/linux-headers-$(uname -r)/Module.symvers /usr/src
cd /usr/src
gKernel=$(uname -r | sed 's/[0-9]*$/y/')
wget --no-check-certificate https://github.com/raspberrypi/linux/archive/rpi-$gKernel.tar.gz
tar xzf rpi-*.tar.gz
mv linux-rpi-*y rpi-linux
cd rpi-linux/
make mrproper
zcat /proc/config.gz > .config
sed -i 's/CONFIG_CROSS_COMPILE.*/CONFIG_CROSS_COMPILE=""/' .config
apt-get install ncurses-dev
make menuconfig   # Enable HW_RANDOM and HW_RANDOM_BCM2708
cp /usr/src/Module.symvers .
make modules SUBDIRS=drivers/char/hw_random/
modprobe hwrng_register
insmod drivers/char/hw_random/rng-core.ko
insmod drivers/char/hw_random/bcm2708-rng.ko
mkdir -p /lib/modules/3.12.31/kernel/drivers/char/hw_random/
cp drivers/char/hw_random/bcm2708-rng.ko /lib/modules/3.12.31/kernel/drivers/char/hw_random/
</code>

  * Install and start ''rngd'' to feed the local system's entropy pool from the hardware RNG:

<code bash>
sudo apt-get install rng-tools
sudo bash -c 'echo "bcm2708-rng" >> /etc/modules'
initctl start rngd
</code>

  * Install ''NetRNG'' on both the clients and the server:

<code bash>
sudo apt-get install git python-virtualenv python-dev
git clone https://github.com/infincia/NetRNG.git
sudo mv NetRNG /opt
cd /opt/NetRNG/
git fetch --tags origin
git checkout -b v0.1 v0.1
virtualenv /opt/NetRNG/env
source /opt/NetRNG/env/bin/activate
pip install -r /opt/NetRNG/requirements.txt
sudo cp netrng.conf.upstart /etc/init/netrng.conf
sudo cp netrng.conf.sample /etc/netrng.conf
</code>

  * Start the ''NetRNG'' server on the Raspberry Pi:

<code bash>
sudo initctl start netrng
</code>

====== Setting up an entropy client ======

  * Install and run the ''NetRNG'' client on each network machine:

<code bash>
sudo vim /etc/netrng.conf   # Set mode = client, and the server IP address
sudo initctl start netrng
</code>

  * Verify it's working:

<code bash>
# Whenever the pool drops to 128 it should very quickly be refilled
watch -n 0.1 cat /proc/sys/kernel/random/entropy_avail

# For extra fun, try this both with and without netrng running:
cat /dev/random | pv -bart > /dev/null
# For me this measures 13KB/s with netrng running
# but only small numbers of B/s rapidly dropping towards zero with netrng stopped
</code>

====== Systemd unit file ======

For systems that use systemd instead of upstart, use the following service definition:

<code ini>
[Unit]
Description=NetRNG Entropy Client
After=syslog.target

[Service]
Type=simple
ExecStart=/opt/NetRNG/env/bin/python /opt/NetRNG/netrng.py
User=root

[Install]
WantedBy=multi-user.target
</code>

====== Future Improvements? ======

  * Currently the random data is sent over the network in cleartext, which is not ideal. Stunnel or some kind of VPN would fix that; alternatively, the netrng source code could be patched to use an encrypted socket connection.
  * A puppet module to manage the installation and configuration of the client/server parts
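As an added example (not part of the original page or of NetRNG itself), this is one way to do the stunnel wrap suggested above: both sides run stunnel with mutual TLS, so the client only ever sends to a loopback port and the Pi only accepts clients holding a certificate from the private CA. The certificate paths, the ''8443'' listener port and the ''NETRNG_PORT'' / ''PI_ADDRESS'' placeholders are assumptions; substitute the port NetRNG actually listens on and the Pi's address.

```ini
; --- /etc/stunnel/netrng.conf on the Raspberry Pi (server side) ---
; Added example, not NetRNG's own configuration. Paths and ports are assumptions.
; Server certificate and key, plus the private CA that signed both sides.
cert   = /etc/stunnel/netrng-server.pem
key    = /etc/stunnel/netrng-server.key
CAfile = /etc/stunnel/netrng-ca.pem
; verify = 2: reject any client that does not present a CA-signed certificate.
verify = 2

[netrng]
; TLS listener exposed to the network.
accept  = 0.0.0.0:8443
; The plaintext NetRNG service stays on loopback behind stunnel.
connect = 127.0.0.1:NETRNG_PORT

; --- /etc/stunnel/netrng.conf on each client ---
client = yes
; Per-client certificate and key, signed by the same private CA.
cert   = /etc/stunnel/netrng-client.pem
key    = /etc/stunnel/netrng-client.key
CAfile = /etc/stunnel/netrng-ca.pem
; The client checks the Pi's certificate against the CA as well.
verify = 2

[netrng]
; The NetRNG client connects here (so its server IP becomes 127.0.0.1) ...
accept  = 127.0.0.1:NETRNG_PORT
; ... and stunnel carries the stream to the Pi over TLS.
connect = PI_ADDRESS:8443
```

With this in place, set the server address in each client's ''/etc/netrng.conf'' to ''127.0.0.1'' and, assuming NetRNG lets you choose its bind address, bind the server on the Pi to loopback so the unencrypted port is not reachable from the network.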