Bug #271

network devices are no longer sources of entropy

Added by Dave Täht on Sep 17, 2011. Updated on Jun 24, 2014.
Closed Urgent Dave Täht

Description

I’m told that network devices are no longer trusted sources of entropy for random number generation,
yet in a router device, there isn’t a lot of entropy to be had from elsewhere.

I had hoped that hardware makers would add rngs to their chipsets long ago, they have plenty of sources onchip to tap for essential randomness. But nooo…

lacking essential randomness things like ssh keys, ssl, and wpa wireless encryption become VERY predictable.

See also: https://dev.openwrt.org/ticket/9631#comment:4

What other entropy sources can be used?

History

Updated by Dave Täht on Nov 18, 2011.
The right answer is to inject more entropy from the wireless signal strength, interrupts, packet sizes internally, ethernet arrival time, etc, in addition to using a userspace daemon.
Updated by Dave Täht on Nov 18, 2011.
It would be nice to have entropy for routers that don’t have hardware rng. Right now there is nearly none in the ar71xx
chipset…

without entropy crypto is not crypto…

What is a culturally acceptible form of re-introducing entropy to Linux?

Updated by Noel Grandin on Dec 8, 2011.
The rngd daemon can introduce entropy:
http://linux.die.net/man/8/rngd

And here is a hack for using wireless data to do so:
http://bredsaal.dk/generating-entropy-with-a-wireless-network-card

Otherwise, ask nicely on the linux-network mailing list, or the linux-wireless mailing list
http://vger.kernel.org/vger-lists.html#netdev http://linuxwireless.org/en/developers/MailingLists

Updated by Dave Täht on Jun 24, 2014.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent Updates

Jul 21, 2024 Wiki page
cake-autorate
Jul 21, 2024 Wiki page
What Can I Do About Bufferbloat?
Jul 21, 2024 Wiki page
Tests for Bufferbloat
Jul 1, 2024 Wiki page
RRUL Chart Explanation
Dec 3, 2022 Wiki page
Codel Wiki

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine

Sponsors

Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation
GoFundMe

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)

Network Performance Related Resources


Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".