This shows you the differences between two versions of the page.
netrng [2015/01/31 20:52] ben created |
netrng [2015/01/31 21:05] ben |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Setting up the Raspberry Pi as an entropy server ====== | ====== Setting up the Raspberry Pi as an entropy server ====== | ||
- | | + | The Raspberry Pi has a hardware random number generator. Quick testing shows it can provide sufficient entropy to read from ''/ |
+ | |||
+ | | ||
sudo su - | sudo su - | ||
apt-get install build-essential bc gcc make | apt-get install build-essential bc gcc make | ||
Line 20: | Line 22: | ||
apt-get install ncurses-dev | apt-get install ncurses-dev | ||
make menuconfig | make menuconfig | ||
+ | # Enable HW_RANDOM and HW_RANDOM_BCM2708 | ||
cp / | cp / | ||
make modules SUBDIRS=drivers/ | make modules SUBDIRS=drivers/ | ||
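Review bot: the comment added after `make menuconfig` names HW_RANDOM and HW_RANDOM_BCM2708 but does not say how to select them. State whether each option should be built in or set to M; the `make modules` step that follows suggests M is intended for at least the driver. Giving the menuconfig path to the two options would also save readers a search.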
Line 56: | Line 59: | ||
# Set mode = client, and the server IP address | # Set mode = client, and the server IP address | ||
sudo initctl start netrng | sudo initctl start netrng | ||
+ | </ | ||
+ | * Verify it's working: <code lang=" | ||
+ | # Whenever the pool drops to 128 it should very quickly be refilled | ||
+ | watch -n 0.1 cat / | ||
+ | # For extra fun, try this both with and without netrng running: | ||
+ | cat /dev/random | pv -bart > /dev/null | ||
+ | # For me this measures 13KB/s with netrng running | ||
+ | # but only small numbers of B/s rapidly dropping towards zero with netrng stopped | ||
</ | </ | ||
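Review bot: the added verify block does not say which host it runs on, and it relies on `pv`, which none of the `apt-get install` lines visible in this diff install. State that the commands are run on the client and add `pv` to the package list. The `cat /dev/random | pv -bart` test measures throughput only, so a short line saying it is not a check on the quality of the data would keep the 13KB/s figure from being read as more than a rate.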
Line 73: | Line 84: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | </ | ||
+ | |||
+ | ====== Future Improvements? | ||
+ | |||
+ | * Currently the random data is provided over the network in cleartext which is not ideal. Stunnel or some kind of VPN would fix that, alternatively patching the netrng source code to use an encrypted socket connection. | ||
+ | * A puppet module to manage the installation and configuration of client/ | ||
+ |
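Review bot: the cleartext caveat in the first bullet is a limitation of the setup as documented rather than a future improvement, and "not ideal" understates it. An unencrypted socket also gives the client no authentication of the server and no integrity protection for the bytes it feeds into its pool. Move the warning up beside the client step (`# Set mode = client, and the server IP address`) and say that until the suggested stunnel or VPN is in place the service should only be used on a trusted network segment.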