Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Sandy Harris
KheOps wrote:

> Just came across this article, apparently showing the bad quality of
> the hardware RNG in Raspberry Pi devices.
>
> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/

I agree with other posters; you are misreading an article that
says the hardware generator on the Pi seems OK.

I have implemented something that can provide an alternative
or a supplement if necessary. Documentation describes some
other choices as well:

ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Adam Fish
Dear Colleagues,

I am presently writing on politicians, namely Gore and Obama, talking about
the internet on the campaign trail. I am looking for citations for research
on discourses on technology in politics.

Any leads?

Thank you.

Best,

Adam Fish, PhD
Media and Cultural Studies
Department of Sociology
Lancaster University, UK, LA1 4YT
p. 01524592699


On Fri, Jul 19, 2013 at 1:03 PM, KheOps wrote:

> Hi all,
>
> Just came across this article, apparently showing the bad quality of
> the hardware RNG in Raspberry Pi devices.
>
>
> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
>
> Quite interesting since (pseudo-) random numbers are heavily used in
> crypto. Interesting also to see another post on this topic, after the
> study of a random number generation procedure formerly used in Cryptocat
> and that was also problematic.
>
> Datalove,
> KheOps

Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Matt Mackall
On Fri, 2013-07-19 at 10:42 -0700, Andy Isaacson wrote:
> On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote:
> > On 19/07/13 13:03, KheOps wrote:
> > > Just came across this article, apparently showing the bad quality
> > > of the hardware RNG in Raspberry Pi devices.
> > > 
> > > http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
> > >
> > >  Quite interesting since (pseudo-) random numbers are heavily used
> > > in crypto. Interesting also to see another post on this topic,
> > > after the study of a random number generation procedure formerly
> > > used in Cryptocat and that was also problematic.
> > 
> > Is that what the article shows? Looks to me like the Raspberry Pi's
> > hardware RNG (/dev/hwrng) is being held up as an example of 'good
> > randomness' in contrast to the RANDU algorithm's 'bad randomness'.
> 
> Regardless of the quality of the HW RNG on RPI, it's not good to expose
> the entropy directly to userspace in /dev/hwrng.  Rather, the RPI kernel
> should mix the entropy into the kernel entropy pool and apps should use
> /dev/random to get high-quality entropy mixed from all available entropy
> sources.  That way even if an attacker has a backdoor to the HW RNG,
> the user still has a second line of defense due to the other
> unpredictable data mixed into the same pool.

And there's a daemon for this:

apt-get install rng-tools

-- 
Mathematics is the supreme nostalgia of our time.




Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Andy Isaacson
On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote:
> On 19/07/13 13:03, KheOps wrote:
> > Just came across this article, apparently showing the bad quality
> > of the hardware RNG in Raspberry Pi devices.
> > 
> > http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
> >
> >  Quite interesting since (pseudo-) random numbers are heavily used
> > in crypto. Interesting also to see another post on this topic,
> > after the study of a random number generation procedure formerly
> > used in Cryptocat and that was also problematic.
> 
> Is that what the article shows? Looks to me like the Raspberry Pi's
> hardware RNG (/dev/hwrng) is being held up as an example of 'good
> randomness' in contrast to the RANDU algorithm's 'bad randomness'.

Regardless of the quality of the HW RNG on RPI, it's not good to expose
the entropy directly to userspace in /dev/hwrng.  Rather, the RPI kernel
should mix the entropy into the kernel entropy pool and apps should use
/dev/random to get high-quality entropy mixed from all available entropy
sources.  That way even if an attacker has a backdoor to the HW RNG,
the user still has a second line of defense due to the other
unpredictable data mixed into the same pool.

-andy
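
The argument in the message above, as an added example that is not part of the original post: a simplified pool model in which a key taken straight from a backdoored hardware generator is recoverable, while a key taken from a pool that also received input unknown to the attacker is not. ToyPool, backdoored_hwrng and all sample values are hypothetical and constructed for illustration; the SHA-256 chain stands in for the kernel's mixing and is not the kernel's code.

```python
import hashlib

class ToyPool:
    """Simplified model of an entropy pool: a SHA-256 chain (not the kernel's code)."""
    def __init__(self):
        self.state = bytes(32)

    def mix(self, data):
        # Fold new input into the state; earlier inputs still influence it.
        self.state = hashlib.sha256(self.state + data).digest()

    def extract(self):
        # Hash the state for output, then step it so outputs do not repeat.
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out

def backdoored_hwrng(secret, n):
    """Hypothetical HW RNG whose stream anyone holding `secret` can regenerate."""
    return hashlib.shake_256(secret).digest(n)

def key_direct(hw_bytes):
    """Application reads the hardware generator directly."""
    return hw_bytes[:32]

def key_pooled(hw_bytes, other_inputs):
    """Application reads a pool fed by the hardware generator and other sources."""
    pool = ToyPool()
    pool.mix(hw_bytes)
    for data in other_inputs:
        pool.mix(data)
    return pool.extract()

def attacker_recovers(secret, victim_key, guessed_inputs=None):
    """Attacker regenerates the HW stream and replays whatever else they can guess."""
    hw = backdoored_hwrng(secret, 64)
    if guessed_inputs is None:
        return key_direct(hw) == victim_key
    return key_pooled(hw, guessed_inputs) == victim_key

if __name__ == "__main__":
    secret = b"constructed-backdoor-secret"          # constructed sample value
    timing = bytes.fromhex("8f3a1c77d204b9e0")       # constructed, unknown to attacker
    hw = backdoored_hwrng(secret, 64)
    print("direct read recovered:", attacker_recovers(secret, key_direct(hw)))
    print("pooled read recovered:", attacker_recovers(secret, key_pooled(hw, [timing]), []))
```

The second line of defense holds only while the other pool inputs stay unpredictable: if the attacker can also guess them, the pooled key is recovered as well.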


Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Petter Ericson
On 19 July, 2013 - KheOps wrote:

> Hey,
> 
> On 19/07/2013 14:22, Petter Ericson wrote:
> >> Just came across this article, apparently showing the bad quality of
> >> the hardware RNG in Raspberry Pi devices.
> >>
> >> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
> > 
> > I see nothing in the blog post indicating that the random data from the
> > Pi HW is bad. Rather, he uses that to show how good random data should look,
> > after which he implements RANDU to show how _not_ to do it.
> > 
> > I have seen this being posted here and there as a "look, Pi HWrand bad"
> > thing, but I have to wonder how many actually read the blog post, considering
> > he even ran rngtest for a thousand runs with no failures on the output of
> > /dev/hwrng
> 
> I might have read it and concluded too fast, and yes obviously he shows
> how another implementation is failing.
> 
> But I see this:
> sudo cat /dev/hwrng | rngtest -c 1000
> which for me refers to the previously installed driver for RasPi
> 
> and then he says: "We were lucky that none of the tests failed for that
> run; sometimes there are a few failures. RANDU, on the other hand fares
> very badly"
> 
> Meaning that RANDU is really bad whereas the RasPi one would be ...
> better but still failing to pass some tests on some occasions?

You raise a good point.

I must admit ignorance in regards to the specifics of linux, HWRNGs, /dev/hwrng
and /dev/random, but my personal guess would be that /dev/hwrng supplies true
random values, while /dev/random is the place to look for properly hashed and
checked random output.

Having true random values fail a FIPS-140 test is definitely not out of the realm
of possibility, though I have no idea how common it would be.

It might be a good idea to do some digging around the components and source code,
though. If for no other reason than it always is.

Best

/P

-- 
Petter Ericson (pett...@acc.umu.se)
Telecomix Sleeper Jellyfish
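
The contrast discussed in this thread, as an added example that is not part of any poster's message or of the linked blog post: two of the FIPS 140-2 block tests that rngtest applies (monobit and poker, each over a 20,000-bit block), run against RANDU output, plus a check of RANDU's three-term relation. The seed of 1 and the packing of RANDU outputs as big-endian 32-bit words are assumptions of this sketch.

```python
import os

def randu(seed, n):
    """Return n outputs of RANDU: x <- 65539 * x mod 2**31 (seed must be odd)."""
    out, x = [], seed
    for _ in range(n):
        x = (65539 * x) % 2**31
        out.append(x)
    return out

def randu_block(seed=1):
    """One 20,000-bit block: 625 outputs as big-endian 32-bit words (assumed packing)."""
    return b"".join(x.to_bytes(4, "big") for x in randu(seed, 625))

def monobit_ok(block):
    """FIPS 140-2 monobit: the number of 1 bits must satisfy 9725 < n < 10275."""
    return 9725 < sum(bin(b).count("1") for b in block) < 10275

def poker_stat(block):
    """FIPS 140-2 poker statistic over the block's 5000 four-bit nibbles."""
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    return 16 * sum(c * c for c in counts) / 5000 - 5000

def poker_ok(block):
    """Pass when the statistic satisfies 2.16 < X < 46.17."""
    return 2.16 < poker_stat(block) < 46.17

def randu_relation_holds(seed=1, n=1000):
    """RANDU's structural defect: x[k+2] == 6*x[k+1] - 9*x[k] (mod 2**31)."""
    xs = randu(seed, n)
    return all((xs[k + 2] - 6 * xs[k + 1] + 9 * xs[k]) % 2**31 == 0
               for k in range(n - 2))

def count_failures(blocks):
    """Number of 2500-byte blocks that fail either test."""
    return sum(1 for b in blocks if not (monobit_ok(b) and poker_ok(b)))

if __name__ == "__main__":
    print("RANDU poker statistic:", poker_stat(randu_block()))
    print("RANDU three-term relation holds:", randu_relation_holds())
    # os.urandom stands in for a sound source; an occasional failure here is
    # expected because the thresholds are statistical.
    print("os.urandom failures in 1000 blocks:",
          count_failures(os.urandom(2500) for _ in range(1000)))
```

With this packing the low nibble of every RANDU word only ever takes four values, which is what pushes the poker statistic far outside the accepted range.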


Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread KheOps
Hey,

On 19/07/2013 14:22, Petter Ericson wrote:
>> Just came across this article, apparently showing the bad quality of
>> the hardware RNG in Raspberry Pi devices.
>>
>> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
> 
> I see nothing in the blog post indicating that the random data from the
> Pi HW is bad. Rather, he uses that to show how good random data should look,
> after which he implements RANDU to show how _not_ to do it.
> 
> I have seen this being posted here and there as a "look, Pi HWrand bad"
> thing, but I have to wonder how many actually read the blog post, considering
> he even ran rngtest for a thousand runs with no failures on the output of 
> /dev/hwrng

I might have read it and concluded too fast, and yes obviously he shows
how another implementation is failing.

But I see this:
sudo cat /dev/hwrng | rngtest -c 1000
which for me refers to the previously installed driver for RasPi

and then he says: "We were lucky that none of the tests failed for that
run; sometimes there are a few failures. RANDU, on the other hand fares
very badly"

Meaning that RANDU is really bad whereas the RasPi one would be ...
better but still failing to pass some tests on some occasions?

That's how I understood it,
KheOps


Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Petter Ericson
> Just came across this article, apparently showing the bad quality of
> the hardware RNG in Raspberry Pi devices.
> 
> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/

I see nothing in the blog post indicating that the random data from the
Pi HW is bad. Rather, he uses that to show how good random data should look,
after which he implements RANDU to show how _not_ to do it.

I have seen this being posted here and there as a "look, Pi HWrand bad"
thing, but I have to wonder how many actually read the blog post, considering
he even ran rngtest for a thousand runs with no failures on the output of 
/dev/hwrng

Best

/P

-- 
Petter Ericson (pett...@acc.umu.se)
Telecomix Sleeper Jellyfish


Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Michael Rogers

On 19/07/13 13:03, KheOps wrote:
> Just came across this article, apparently showing the bad quality
> of the hardware RNG in Raspberry Pi devices.
> 
> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
>
>  Quite interesting since (pseudo-) random numbers are heavily used
> in crypto. Interesting also to see another post on this topic,
> after the study of a random number generation procedure formerly
> used in Cryptocat and that was also problematic.

Is that what the article shows? Looks to me like the Raspberry Pi's
hardware RNG (/dev/hwrng) is being held up as an example of 'good
randomness' in contrast to the RANDU algorithm's 'bad randomness'.

Cheers,
Michael




[liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread KheOps
Hi all,

Just came across this article, apparently showing the bad quality of
the hardware RNG in Raspberry Pi devices.

http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/

Quite interesting since (pseudo-) random numbers are heavily used in
crypto. Interesting also to see another post on this topic, after the
study of a random number generation procedure formerly used in Cryptocat
and that was also problematic.

Datalove,
KheOps


