[liberationtech] RNG in Raspberry Pi
Andy Isaacson
adi at hexapodia.org
Thu Oct 3 01:44:28 PDT 2013
On Wed, Oct 02, 2013 at 11:57:24PM -0500, Paul Elliott wrote:
> What is the quality of the Hardware RNG in the Raspberry Pi?
Fairly unknown. The current driver used in Raspbian and so on, which
exposes the RNG directly at /dev/hwrng, is definitely *not* safe to use
raw -- it needs a mixing pool at the very least, and should ideally be
simply another input to the /dev/random entropy pool along with all of
the standard sources of entropy.
> I have heard about the controversy about the Intel chip
> and wondered if there were any parallel questions about
> the Raspberry Pi.
The Intel chip at least has a published design -- the design is fairly
easy to poke holes in, but at least they did *that* much.
The Broadcom RNG has no public design documentation AFAIK.
This is not a good sign for security.
The best I've seen is the VIA independent evaluation:
http://www.cryptography.com/public/pdf/VIA_rng.pdf
> Near as I can figure out if a Hardware RNG does not
> come automatically with your desktop or laptop, the Raspberry Pi
> seems to be about the cheapest source of random numbers you
> can get.
Far cheaper (in currency if not in time) is to use the audio amplifier
on your computer. Here's one document on how:
http://www.av8n.com/turbid/paper/turbid.htm
There's also an RNG firmware for the FST-01 programmable USB peripheral:
http://www.seeedstudio.com/wiki/FST-01
http://www.gniibe.org/memo/development/gnuk/rng/neug
> Entropy keys are only 36 pounds, but they seem to have a long
> backlog.
Apparently the small company that made them is having issues. I haven't
seen any evidence of them coming back to life, unfortunately.
> What about using a Raspberry Pi for hard random number
> generation?
Might work. I'd be cautious. The FST-01 hardware is perhaps better
documented and easier to reverse engineer than the Broadcom chip.
-andy
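
The point above about not using /dev/hwrng raw, as an added example that is not part of the original message or of any Raspbian driver code: raw bytes get a crude stuck-source check and are then hashed together with os.urandom() output before being written to /dev/random, which stirs them into the kernel pool without crediting entropy. The CUTOFF value, the "hwrng-mix" label and all function names are assumptions chosen for illustration.

```python
import hashlib
import os

HWRNG = "/dev/hwrng"    # raw device named in the post
POOL = "/dev/random"    # writes are mixed into the kernel pool, no entropy credited
CUTOFF = 5              # illustrative threshold (assumption), not a vetted parameter


def longest_run(data: bytes) -> int:
    """Length of the longest run of identical consecutive bytes."""
    best = run = 1 if data else 0
    for prev, cur in zip(data, data[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def healthy(data: bytes, cutoff: int = CUTOFF) -> bool:
    """Crude stuck-source check: reject empty reads and long repeated runs."""
    return bool(data) and longest_run(data) < cutoff


def mix(hw: bytes, other: bytes, n: int = 32) -> bytes:
    """Hash both inputs, length-prefixed so the boundary is unambiguous."""
    h = hashlib.sha512(b"hwrng-mix")
    for part in (hw, other):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()[:n]


def feed_pool(nbytes: int = 64) -> bool:
    """Read raw bytes, check them, and stir the conditioned result into the pool."""
    with open(HWRNG, "rb", buffering=0) as dev:
        raw = dev.read(nbytes)
    if not healthy(raw):
        return False            # never forward output that looks stuck
    with open(POOL, "wb", buffering=0) as pool:
        pool.write(mix(raw, os.urandom(32)))
    return True


if __name__ == "__main__":
    if os.path.exists(HWRNG):
        print("mixed into pool" if feed_pool() else "hwrng failed health check")
    else:
        print("no", HWRNG, "on this machine")
```

Opening /dev/hwrng usually requires root. Because the hardware bytes are only ever used after hashing with an independent input, a biased or stuck device cannot make the result more predictable than os.urandom() alone.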