{{tag>[hardware security raspberrypi rng]}}
=====RPi's hardware RNG (from scratch)=====
[[http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/|Source]]
====Install Raspbian====
On OS X, download the latest Raspbian image and write it to the SD card with dd:
sudo diskutil list
sudo diskutil unmountDisk /dev/disk1
sudo dd bs=1m if=2013-12-20-wheezy-raspbian.img of=/dev/rdisk1
====Log into your RPi====
Check your DHCP server log for the IP address
ssh pi@
password: raspberry
* Change the pi user's password (passwd)
* Create your own account (useradd)
====Configure Raspbian====
sudo raspi-config
* Expand file system
* Boot to console
* Locale: en_US.UTF-8 UTF-8
* Create DNS record
* Change hostname (/etc/hostname)
* Configure static ip (/etc/network/interfaces)
Install vim:
sudo apt-get install vim
Add your own user to the sudo group (-a appends, so existing supplementary groups are kept):
sudo usermod -aG sudo <username>
====Update Raspbian====
sudo apt-get update
sudo apt-get -y dist-upgrade
sudo rpi-update
sudo reboot
====Load bcm2708-rng module====
sudo modprobe bcm2708-rng
Add the following line to /etc/modules
sudo vi /etc/modules
# add line below:
bcm2708-rng
Install rng-tools
sudo apt-get install rng-tools
Device /dev/hwrng should now be available
$ ls -l /dev/hwrng
crw------- 1 root root 10, 183 Jan 7 17:30 /dev/hwrng
====Test====
Quote: Just a quick note on FIPS 140-2. These tests are a bunch of simple statistical calculations. Those statistics will occasionally fail on truly random data at an interval of around 2,500 iterations/failure. If it isn’t failing occasionally, you’re not seeing random data. Seeing a failure is not a problem. Seeing too many or too few is a problem.
Source: “random number guy” for over a decade, and working on a FIPS 140-2 Level 3 hardware project right now.
sudo cat /dev/hwrng | rngtest -c 10000
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200000032
rngtest: FIPS 140-2 successes: 9993
rngtest: FIPS 140-2 failures: 7
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 5
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=79.459; avg=1084.548; max=2441406.250)Kibits/s
rngtest: FIPS tests speed: (min=843.355; avg=3265.806; max=6426.867)Kibits/s
rngtest: Program run time: 240359132 microseconds
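Added example (not from the original page or from rngtest): a Python check of whether the failure count in the run above fits the quote's figure of about one failure per 2,500 blocks, using a Poisson tail probability. The 2,500 figure comes from the quote; the 0.001 threshold and all function names are assumptions.

```python
import math
import re

# Constructed sample: the two summary lines of the rngtest run shown above.
SAMPLE = """\
rngtest: FIPS 140-2 successes: 9993
rngtest: FIPS 140-2 failures: 7
"""
BLOCKS_PER_FAILURE = 2500  # assumption: the rate given in the quote
ALPHA = 0.001              # assumption: tail probability treated as suspicious


def parse_rngtest(text):
    """Return (successes, failures) from rngtest summary output."""
    found = []
    for key in ("successes", "failures"):
        m = re.search(r"FIPS 140-2 %s:\s*(\d+)" % key, text)
        if m is None:
            raise ValueError("no %s line in rngtest output" % key)
        found.append(int(m.group(1)))
    return tuple(found)


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam)."""
    if k < 0:
        return 0.0
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return min(total, 1.0)


def assess(successes, failures):
    """Compare the observed failure count with the expected false-failure rate."""
    blocks = successes + failures
    if blocks == 0:
        raise ValueError("no blocks tested")
    lam = blocks / BLOCKS_PER_FAILURE              # expected failures on good data
    p_high = 1.0 - poisson_cdf(failures - 1, lam)  # P(X >= failures)
    p_low = poisson_cdf(failures, lam)             # P(X <= failures)
    if p_high < ALPHA:
        verdict = "too many failures"
    elif p_low < ALPHA:
        verdict = "too few failures"
    else:
        verdict = "consistent"
    return {"expected": lam, "p_high": p_high, "p_low": p_low, "verdict": verdict}
```

With 10,000 blocks the expected count is only 4, so even zero failures is not flagged at this threshold; "too few" only becomes detectable from roughly 17,300 blocks upward.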
===Random visual===
sudo apt-get install netpbm
sudo cat /dev/hwrng | rawtoppm -rgb 640 256 | pnmtopng > random$(date +%Y%m%d%H%M%S).png
{{::random20140107181559.png?nolink|}}
===Dieharder test on 3GB file===
#On the RPi
chmod o+r /dev/hwrng
#On faster host, scp took me almost 8 hours.
ssh -v pi@xxx.xx.x.xx dd if=/dev/hwrng iflag=fullblock count=3072 bs=1024k > random.rpi2
dieharder -a -g 201 -f random.rpi2
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name | filename |rands/second|
file_input_raw| random.rpi2| 1.12e+07 |
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.34597316| PASSED
diehard_operm5| 0| 1000000| 100|0.90744755| PASSED
diehard_rank_32x32| 0| 40000| 100|0.07737018| PASSED
diehard_rank_6x8| 0| 100000| 100|0.45008328| PASSED
diehard_bitstream| 0| 2097152| 100|0.66150607| PASSED
diehard_opso| 0| 2097152| 100|0.91329312| PASSED
diehard_oqso| 0| 2097152| 100|0.96887619| PASSED
diehard_dna| 0| 2097152| 100|0.52971384| PASSED
diehard_count_1s_str| 0| 256000| 100|0.28085518| PASSED
# The file file_input_raw was rewound 1 times
diehard_count_1s_byt| 0| 256000| 100|0.87256770| PASSED
# The file file_input_raw was rewound 1 times
diehard_parking_lot| 0| 12000| 100|0.63965905| PASSED
# The file file_input_raw was rewound 1 times
diehard_2dsphere| 2| 8000| 100|0.63608621| PASSED
# The file file_input_raw was rewound 1 times
diehard_3dsphere| 3| 4000| 100|0.89669154| PASSED
# The file file_input_raw was rewound 1 times
diehard_squeeze| 0| 100000| 100|0.03974590| PASSED
# The file file_input_raw was rewound 1 times
diehard_sums| 0| 100| 100|0.02202173| PASSED
# The file file_input_raw was rewound 1 times
diehard_runs| 0| 100000| 100|0.18053678| PASSED
diehard_runs| 0| 100000| 100|0.56702172| PASSED
# The file file_input_raw was rewound 1 times
diehard_craps| 0| 200000| 100|0.38209741| PASSED
diehard_craps| 0| 200000| 100|0.31967118| PASSED
# The file file_input_raw was rewound 4 times
marsaglia_tsang_gcd| 0| 10000000| 100|0.79695385| PASSED
marsaglia_tsang_gcd| 0| 10000000| 100|0.95537955| PASSED
# The file file_input_raw was rewound 4 times
sts_monobit| 1| 100000| 100|0.72013128| PASSED
# The file file_input_raw was rewound 4 times
sts_runs| 2| 100000| 100|0.46203368| PASSED
# The file file_input_raw was rewound 4 times
sts_serial| 1| 100000| 100|0.04299359| PASSED
sts_serial| 2| 100000| 100|0.33276642| PASSED
sts_serial| 3| 100000| 100|0.93303071| PASSED
sts_serial| 3| 100000| 100|0.79970461| PASSED
sts_serial| 4| 100000| 100|0.92957448| PASSED
sts_serial| 4| 100000| 100|0.76429782| PASSED
sts_serial| 5| 100000| 100|0.54177520| PASSED
sts_serial| 5| 100000| 100|0.59090509| PASSED
sts_serial| 6| 100000| 100|0.85876944| PASSED
sts_serial| 6| 100000| 100|0.28184290| PASSED
sts_serial| 7| 100000| 100|0.67649061| PASSED
sts_serial| 7| 100000| 100|0.83063305| PASSED
sts_serial| 8| 100000| 100|0.84181733| PASSED
sts_serial| 8| 100000| 100|0.51578409| PASSED
sts_serial| 9| 100000| 100|0.91101763| PASSED
sts_serial| 9| 100000| 100|0.95359416| PASSED
sts_serial| 10| 100000| 100|0.21783179| PASSED
sts_serial| 10| 100000| 100|0.23626083| PASSED
sts_serial| 11| 100000| 100|0.58767904| PASSED
sts_serial| 11| 100000| 100|0.69640028| PASSED
sts_serial| 12| 100000| 100|0.84659970| PASSED
sts_serial| 12| 100000| 100|0.78233602| PASSED
sts_serial| 13| 100000| 100|0.49114447| PASSED
sts_serial| 13| 100000| 100|0.14232516| PASSED
sts_serial| 14| 100000| 100|0.93482340| PASSED
sts_serial| 14| 100000| 100|0.53423324| PASSED
sts_serial| 15| 100000| 100|0.25191494| PASSED
sts_serial| 15| 100000| 100|0.26019763| PASSED
sts_serial| 16| 100000| 100|0.90243712| PASSED
sts_serial| 16| 100000| 100|0.05608425| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 1| 100000| 100|0.29432747| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 2| 100000| 100|0.91168584| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 3| 100000| 100|0.14052303| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 4| 100000| 100|0.25758940| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 5| 100000| 100|0.27117119| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 6| 100000| 100|0.93022805| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 7| 100000| 100|0.71701673| PASSED
# The file file_input_raw was rewound 4 times
rgb_bitdist| 8| 100000| 100|0.63000411| PASSED
# The file file_input_raw was rewound 5 times
rgb_bitdist| 9| 100000| 100|0.76231273| PASSED
# The file file_input_raw was rewound 5 times
rgb_bitdist| 10| 100000| 100|0.33368352| PASSED
# The file file_input_raw was rewound 5 times
rgb_bitdist| 11| 100000| 100|0.97142195| PASSED
# The file file_input_raw was rewound 6 times
rgb_bitdist| 12| 100000| 100|0.55424281| PASSED
# The file file_input_raw was rewound 6 times
rgb_minimum_distance| 2| 10000| 1000|0.41250099| PASSED
# The file file_input_raw was rewound 6 times
rgb_minimum_distance| 3| 10000| 1000|0.36349016| PASSED
# The file file_input_raw was rewound 6 times
rgb_minimum_distance| 4| 10000| 1000|0.97639989| PASSED
# The file file_input_raw was rewound 6 times
rgb_minimum_distance| 5| 10000| 1000|0.00886445| PASSED
# The file file_input_raw was rewound 6 times
rgb_permutations| 2| 100000| 100|0.77555581| PASSED
# The file file_input_raw was rewound 6 times
rgb_permutations| 3| 100000| 100|0.35219153| PASSED
# The file file_input_raw was rewound 6 times
rgb_permutations| 4| 100000| 100|0.63916470| PASSED
# The file file_input_raw was rewound 6 times
rgb_permutations| 5| 100000| 100|0.83043450| PASSED
# The file file_input_raw was rewound 6 times
rgb_lagged_sum| 0| 1000000| 100|0.63441688| PASSED
# The file file_input_raw was rewound 6 times
rgb_lagged_sum| 1| 1000000| 100|0.21196461| PASSED
# The file file_input_raw was rewound 7 times
rgb_lagged_sum| 2| 1000000| 100|0.98344504| PASSED
# The file file_input_raw was rewound 7 times
rgb_lagged_sum| 3| 1000000| 100|0.22629216| PASSED
# The file file_input_raw was rewound 8 times
rgb_lagged_sum| 4| 1000000| 100|0.65908762| PASSED
# The file file_input_raw was rewound 8 times
rgb_lagged_sum| 5| 1000000| 100|0.91070672| PASSED
# The file file_input_raw was rewound 9 times
rgb_lagged_sum| 6| 1000000| 100|0.27071119| PASSED
# The file file_input_raw was rewound 10 times
rgb_lagged_sum| 7| 1000000| 100|0.86418190| PASSED
# The file file_input_raw was rewound 11 times
rgb_lagged_sum| 8| 1000000| 100|0.99917509| WEAK
# The file file_input_raw was rewound 13 times
rgb_lagged_sum| 9| 1000000| 100|0.69589197| PASSED
# The file file_input_raw was rewound 14 times
rgb_lagged_sum| 10| 1000000| 100|0.37690543| PASSED
# The file file_input_raw was rewound 16 times
rgb_lagged_sum| 11| 1000000| 100|0.91865332| PASSED
# The file file_input_raw was rewound 17 times
rgb_lagged_sum| 12| 1000000| 100|0.13143491| PASSED
# The file file_input_raw was rewound 19 times
rgb_lagged_sum| 13| 1000000| 100|0.83193143| PASSED
# The file file_input_raw was rewound 21 times
rgb_lagged_sum| 14| 1000000| 100|0.43545535| PASSED
# The file file_input_raw was rewound 23 times
rgb_lagged_sum| 15| 1000000| 100|0.87146122| PASSED
# The file file_input_raw was rewound 25 times
rgb_lagged_sum| 16| 1000000| 100|0.91910411| PASSED
# The file file_input_raw was rewound 27 times
rgb_lagged_sum| 17| 1000000| 100|0.62243095| PASSED
# The file file_input_raw was rewound 29 times
rgb_lagged_sum| 18| 1000000| 100|0.93688081| PASSED
# The file file_input_raw was rewound 32 times
rgb_lagged_sum| 19| 1000000| 100|0.74811113| PASSED
# The file file_input_raw was rewound 35 times
rgb_lagged_sum| 20| 1000000| 100|0.50321575| PASSED
# The file file_input_raw was rewound 37 times
rgb_lagged_sum| 21| 1000000| 100|0.76070372| PASSED
# The file file_input_raw was rewound 40 times
rgb_lagged_sum| 22| 1000000| 100|0.09722035| PASSED
# The file file_input_raw was rewound 43 times
rgb_lagged_sum| 23| 1000000| 100|0.01695431| PASSED
# The file file_input_raw was rewound 46 times
rgb_lagged_sum| 24| 1000000| 100|0.69353267| PASSED
# The file file_input_raw was rewound 49 times
rgb_lagged_sum| 25| 1000000| 100|0.71566485| PASSED
# The file file_input_raw was rewound 53 times
rgb_lagged_sum| 26| 1000000| 100|0.79282958| PASSED
# The file file_input_raw was rewound 56 times
rgb_lagged_sum| 27| 1000000| 100|0.80665438| PASSED
# The file file_input_raw was rewound 60 times
rgb_lagged_sum| 28| 1000000| 100|0.35674353| PASSED
# The file file_input_raw was rewound 64 times
rgb_lagged_sum| 29| 1000000| 100|0.76710314| PASSED
# The file file_input_raw was rewound 67 times
rgb_lagged_sum| 30| 1000000| 100|0.55848471| PASSED
# The file file_input_raw was rewound 71 times
rgb_lagged_sum| 31| 1000000| 100|0.93240512| PASSED
# The file file_input_raw was rewound 76 times
rgb_lagged_sum| 32| 1000000| 100|0.75912760| PASSED
# The file file_input_raw was rewound 76 times
rgb_kstest_test| 0| 10000| 1000|0.23134916| PASSED
# The file file_input_raw was rewound 76 times
dab_bytedistrib| 0| 51200000| 1|0.95016600| PASSED
# The file file_input_raw was rewound 76 times
dab_dct| 256| 50000| 1|0.74471304| PASSED
Preparing to run test 207. ntuple = 0
# The file file_input_raw was rewound 76 times
dab_filltree| 32| 15000000| 1|0.24352143| PASSED
dab_filltree| 32| 15000000| 1|0.41132076| PASSED
Preparing to run test 208. ntuple = 0
# The file file_input_raw was rewound 76 times
dab_filltree2| 0| 5000000| 1|0.15673745| PASSED
dab_filltree2| 1| 5000000| 1|0.48170936| PASSED
Preparing to run test 209. ntuple = 0
# The file file_input_raw was rewound 76 times
dab_monobit2| 12| 65000000| 1|0.07111443| PASSED
====Create 10MB random data file====
dd if=/dev/random of=random.out bs=1000 count=10000 iflag=fullblock
====Show entropy pool size====
Current size:
$ cat /proc/sys/kernel/random/poolsize
4096
#or
$ sysctl kernel.random.poolsize
kernel.random.poolsize = 4096
Current available:
$ cat /proc/sys/kernel/random/entropy_avail
3028
You can dd /dev/random to /dev/null and see that a device using the HRNG is much faster than one without.
dd if=/dev/random of=/dev/null bs=1000 count=10000 iflag=fullblock