[liberationtech] Random number generator failure in Rasperri Pis?
Andy Isaacson
adi at hexapodia.org
Fri Jul 19 10:42:00 PDT 2013
On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote:
> On 19/07/13 13:03, KheOps wrote:
> > Just came accross this article, apparently showing the bad quality
> > of the hardware RNG in Raspberri Pi devices.
> >
> > http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
> >
> > Quite interesting since (pseudo-) random numbers are heavily used
> > in crypto. Interesting also to see another post on this topic,
> > after the study of a random number generation procedure formerly
> > used in Cryptocat and that was also problematic.
>
> Is that what the article shows? Looks to me like the Raspberry Pi's
> hardware RNG (/dev/hwrng) is being held up as an example of 'good
> randomness' in contrast to the RANDU algorithm's 'bad randomness'.
Regardless of the quality of the HW RNG on RPI, it's not good to expose
the entropy directly to userspace in /dev/hwrng. Rather, the RPI kernel
should mix the entropy into the kernel entropy pool and apps should use
/dev/random to get high-quality entropy mixed from all available entropy
sources. That way even if an attacker has a backdoor to the HW RNG,
the user still has a second line of defense due to the other
unpredictable data mixed into the same pool.
-andy
More information about the liberationtech
mailing list