Re: TRNG (was: Specifying entropy source)
On the topic of open source RNG, I own the OneRNG and have attempted to use it with gpg but failed in the past. I never made another attempt. OneRNG was a kickstarter crowd funding campaign and is now available from their webshop. It's supposed to be an open source RNG but I'm not qualified to speak on its quality as a TRNG. It instructed users to use rngd, and at the time I was not aware of haveged. I was able to use it for entropy but never for GPG. The OneRNG has a LED that is supposed to dim when entropy is being drawn from it, but gpg use never triggered this. My goal would be to make another attempt at using my OneRNG over USB with haveged as entropy source. A quick web search shows others have attempted this already. For example https://lwn.net/Articles/648550/ 2016-11-17 1:37 GMT+01:00 NIIBE Yutaka : > Hello, > > I work for my own TRNG implementation. I realized that the point is: > > We should collectively control things so that none can control a > sequence of random bytes. --- (*) > > Second "control" in (*) includes guessing, predicting, or knowing, not > only manipulating directly/indirectly. > > Things include software, hardware, and the process of making software, > hardware, etc. > > I observed that people have tendency to prefer an exotic noise source, > but it is not that important matter for me. Rather, if a TRNG device > depends on some exotic technology, I count it as a weakness because it > makes it difficult to be reproducible and transparent. > > > On 11/17/2016 03:12 AM, NdK wrote: >> Il 16/11/2016 15:55, Juergen Christoffel ha scritto: >> >>> Then there are http://www.bitbabbler.org and >>> http://ubld.it/products/truerng-hardware-random-number-generator/ as >>> hardware random number generators. Both are worth their money IMO. >> Why not GnuK, that incorporates a TRNG too? > > In general, OpenPGP card implementations have a random number > generator. I mean, it's not only the feature of Gnuk. It is > accessible by gpg-connect-agent. Here is an example. > > > $ gpg-connect-agent --hex "SCD RANDOM 32" /bye > D[] F8 04 49 F3 BA D9 85 44 47 54 F5 89 B5 49 EA E7 ..IDGT...I.. > D[0010] 46 20 1E 09 15 AC 38 7E 9E 50 0E D7 28 19 64 15 F 8~.P..(.d. > OK > > > I think that this is useful when a person installs an OS into a new > machine, or when people use machines for clean boot with fixed media > like CD. Feeding those random bytes to /dev/random can make the > barrier higher (against guessing, predicting, or knowing). > >> There's even a version that only includes the TRNG, and it's completely >> open. > > Thank you, Diego, for the introduction. The device is available at: > > > https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator > > I think that "completely open" is not achieved, yet. > > Although I tried my best making it free, reproducible and transparent > (I use the tube on purpose to demonstrate its transparency), it's not > perfect; While firmware is Free Software assuming Free Software > development environment only, and the PCB design is free and the > design assumes Free Software development environment only, it still > depends on the MCU chip (manufacturer and its distribution channel) > and the manufacturer of PCB assembly. > > Suppose that there were a proprietary TRNG device by some alien (I > mean, an external entity). As a gift, the alien deliberately left the > TRNG which generation of randomness cannot be controlled by anyone in > this planet. In this case, this TRNG is useful for us, perhaps. > > Given no such a gift on earth, I believe that we need free, > reproducible and transparent one even not perfect. > > Well, I think that the TRNG device is very good for a gift to hackers. > :-) > > Enjoy, > -- > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Vänliga Hälsningar / Sincerely Stefan M ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
TRNG (was: Specifying entropy source)
Hello, I work for my own TRNG implementation. I realized that the point is: We should collectively control things so that none can control a sequence of random bytes. --- (*) Second "control" in (*) includes guessing, predicting, or knowing, not only manipulating directly/indirectly. Things include software, hardware, and the process of making software, hardware, etc. I observed that people have tendency to prefer an exotic noise source, but it is not that important matter for me. Rather, if a TRNG device depends on some exotic technology, I count it as a weakness because it makes it difficult to be reproducible and transparent. On 11/17/2016 03:12 AM, NdK wrote: > Il 16/11/2016 15:55, Juergen Christoffel ha scritto: > >> Then there are http://www.bitbabbler.org and >> http://ubld.it/products/truerng-hardware-random-number-generator/ as >> hardware random number generators. Both are worth their money IMO. > Why not GnuK, that incorporates a TRNG too? In general, OpenPGP card implementations have a random number generator. I mean, it's not only the feature of Gnuk. It is accessible by gpg-connect-agent. Here is an example. $ gpg-connect-agent --hex "SCD RANDOM 32" /bye D[] F8 04 49 F3 BA D9 85 44 47 54 F5 89 B5 49 EA E7 ..IDGT...I.. D[0010] 46 20 1E 09 15 AC 38 7E 9E 50 0E D7 28 19 64 15 F 8~.P..(.d. OK I think that this is useful when a person installs an OS into a new machine, or when people use machines for clean boot with fixed media like CD. Feeding those random bytes to /dev/random can make the barrier higher (against guessing, predicting, or knowing). > There's even a version that only includes the TRNG, and it's completely > open. Thank you, Diego, for the introduction. The device is available at: https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator I think that "completely open" is not achieved, yet. Although I tried my best making it free, reproducible and transparent (I use the tube on purpose to demonstrate its transparency), it's not perfect; While firmware is Free Software assuming Free Software development environment only, and the PCB design is free and the design assumes Free Software development environment only, it still depends on the MCU chip (manufacturer and its distribution channel) and the manufacturer of PCB assembly. Suppose that there were a proprietary TRNG device by some alien (I mean, an external entity). As a gift, the alien deliberately left the TRNG which generation of randomness cannot be controlled by anyone in this planet. In this case, this TRNG is useful for us, perhaps. Given no such a gift on earth, I believe that we need free, reproducible and transparent one even not perfect. Well, I think that the TRNG device is very good for a gift to hackers. :-) Enjoy, -- signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Specifying entropy source
Hi, i run also into the same problem. At the end, it seems the rng-tools are not so recommended. So i went with haveged because of the algorithm it uses. Haveged runs as a background daemon and won't bother you in the future. I know a good hosting provider where it is preinstalled and a good linux admin who uses it as a standard repertoir tool. Greetings 2016-11-16 19:12 GMT+01:00 NdK : > Il 16/11/2016 15:55, Juergen Christoffel ha scritto: > > > Then there are http://www.bitbabbler.org and > > http://ubld.it/products/truerng-hardware-random-number-generator/ as > > hardware random number generators. Both are worth their money IMO. > Why not GnuK, that incorporates a TRNG too? > There's even a version that only includes the TRNG, and it's completely > open. > > BYtE, > Diego > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Specifying entropy source
Il 16/11/2016 15:55, Juergen Christoffel ha scritto: > Then there are http://www.bitbabbler.org and > http://ubld.it/products/truerng-hardware-random-number-generator/ as > hardware random number generators. Both are worth their money IMO. Why not GnuK, that incorporates a TRNG too? There's even a version that only includes the TRNG, and it's completely open. BYtE, Diego ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Specifying entropy source
On Tue, Nov 15, 2016 at 11:57:18AM +0100, aafanas...@os3.nl wrote: I know that during generation of the key will be asked for moving mouse or some other actions to create enough entropy. However could I use a specific source to create entropy for key generation? Like only mouse or keyboard. As Stefan wrote, try haveged. Or: if your CPU has "RDRAND" (i.e. grep rdrand /proc/cpuinfo) it contains Intel's hardware RNG. Which you have to trust, as it's a proprietary feature of a big player. But Linux's entropy gathering mixes its output with other sources of randomness, Then there are http://www.bitbabbler.org and http://ubld.it/products/truerng-hardware-random-number-generator/ as hardware random number generators. Both are worth their money IMO. --jc -- Doctorow's Law: Anytime someone puts a lock on something you own, against your wishes, and doesn't give you the key, they're not doing it for your benefit. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Specifying entropy source
I'm a novice user but since nobody else has replied. Have you tried installing haveged and starting the service? It generates entropy. First link on Google. https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged 2016-11-15 11:57 GMT+01:00 : > Hi, > > > I know that during generation of the key will be asked for moving mouse or > some other actions to create enough entropy. However could I use a > specific source to create entropy for key generation? Like only mouse or > keyboard. > If yes how it can be done? > > Thank you. > > With kind regards, > > Andrey > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Vänliga Hälsningar / Sincerely Stefan M ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Specifying entropy source
Hi, I know that during generation of the key will be asked for moving mouse or some other actions to create enough entropy. However could I use a specific source to create entropy for key generation? Like only mouse or keyboard. If yes how it can be done? Thank you. With kind regards, Andrey ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
