Sihnon wiki

User Tools

Site Tools

You are here: start » netrng
netrng

Table of Contents

Setting up the Raspberry Pi as an entropy server

The Raspberry Pi has a hardware random number generator. Quick testing shows it can provide sufficient entropy to read from /dev/random at around 35kB/s.

  • Build the the bcm2708-rng kernel driver (required on at least raspbmc): 
    sudo su -
apt-get install build-essential bc gcc make
cd /tmp
wget http://www.mirrorservice.org/sites/raspbmc.com/downloads/bin/kernel/linux-headers-latest.deb.gz
mkdir x
dpkg-deb -x linux-headers-latest.deb.gz x
mv -v x/usr/src/linux-headers-$(uname -r)/Module.symvers /usr/src
cd /usr/src
gKernel=$(uname -r | sed 's/[0-9]*$/y/')
wget --no-check-certificate https://github.com/raspberrypi/linux/archive/rpi-$gKernel.tar.gz
tar xzf rpi-*.tar.gz
mv linux-rpi-*y rpi-linux
cd rpi-linux/
make mrproper
zcat /proc/config.gz > .config
sed -i 's/CONFIG_CROSS_COMPILE.*/CONFIG_CROSS_COMPILE=""/' .config
apt-get install ncurses-dev
make menuconfig
# Enable HW_RANDOM and HW_RANDOM_BCM2708
cp /usr/src/Module.symvers .
make modules SUBDIRS=drivers/char/hw_random/
modprobe hwrng_register
insmod drivers/char/hw_random/rng-core.ko
insmod drivers/char/hw_random/bcm2708-rng.ko
mkdir -p /lib/modules/3.12.31/kernel/drivers/char/hw_random/
cp drivers/char/hw_random/bcm2708-rng.ko /lib/modules/3.12.31/kernel/drivers/char/hw_random/
  • Install and start rngd to populate the local's system entropy pool from the hardware rng: 
    sudo apt-get install rng-tools
sudo bash -c 'echo "bcm2708-rng" >> /etc/modules'
initctl start rngd
  • Install NetRNG on both clients and the server: 
    sudo apt-get install git python-virtualenv python-dev
git clone https://github.com/infincia/NetRNG.git
sudo mv NetRNG /opt
cd /opt/NetRNG/
git fetch --tags origin
git checkout -b v0.1 v0.1
virtualenv /opt/NetRNG/env
source /opt/NetRNG/env/bin/activate
pip install -r /opt/NetRNG/requirements.txt
sudo cp netrng.conf.upstart /etc/init/netrng.conf 
sudo cp netrng.conf.sample /etc/netrng.conf
  • Start the NetRNG server on the Raspberry Pi: 
    sudo initctl start netrng

Setting up an entropy client

  • Install and run the NetRNG client on each network machine: 
    sudo vim /etc/netrng.conf
# Set mode = client, and the server IP address
sudo initctl start netrng
  • Verify it's working: 
    # Whenever the pool drops to 128 it should very quickly be refilled
watch -n 0.1 cat /proc/sys/kernel/random/entropy_avail
# For extra fun, try this both with and without netrng running:
cat /dev/random | pv -bart > /dev/null
# For me this measures 13KB/s with netrng running
# but only small numbers of B/s rapidly dropping towards zero with netrng stopped

Systemd unit file

For systems that use systemd instead of upstart, use the following service definition:

/etc/systemd/system/netrng.service
[Unit]
Description=NetRNG Entropy Client
After=syslog.target
 
[Service]
Type=simple
ExecStart=/opt/NetRNG/env/bin/python /opt/NetRNG/netrng.py
User=root
 
[Install]
WantedBy=multi-user.target

Future Improvements?

  • Currently the random data is provided over the network in cleartext which is not ideal. Stunnel or some kind of VPN would fix that, alternatively patching the netrng source code to use an encrypted socket connection.
  • A puppet module to manage the installation and configuration of client/server parts
netrng.txt · Last modified: by ben
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki