Bug #271

network devices are no longer sources of entropy

Added by Dave Täht on Sep 17, 2011. Updated on Jun 24, 2014.
Closed Urgent Dave Täht


I’m told that network devices are no longer trusted sources of entropy for random number generation,
yet in a router device, there isn’t a lot of entropy to be had from elsewhere.

I had hoped that hardware makers would add rngs to their chipsets long ago, they have plenty of sources onchip to tap for essential randomness. But nooo…

lacking essential randomness things like ssh keys, ssl, and wpa wireless encryption become VERY predictable.

See also: https://dev.openwrt.org/ticket/9631#comment:4

What other entropy sources can be used?


Updated by Dave Täht on Nov 18, 2011.
The right answer is to inject more entropy from the wireless signal strength, interrupts, packet sizes internally, ethernet arrival time, etc, in addition to using a userspace daemon.
Updated by Dave Täht on Nov 18, 2011.
It would be nice to have entropy for routers that don’t have hardware rng. Right now there is nearly none in the ar71xx

without entropy crypto is not crypto…

What is a culturally acceptible form of re-introducing entropy to Linux?

Updated by Noel Grandin on Dec 8, 2011.
The rngd daemon can introduce entropy:

And here is a hack for using wireless data to do so:

Otherwise, ask nicely on the linux-network mailing list, or the linux-wireless mailing list
http://vger.kernel.org/vger-lists.html#netdev http://linuxwireless.org/en/developers/MailingLists

Updated by Dave Täht on Jun 24, 2014.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent News & Articles

Mar 21, 2019 Wiki page
Dave Taht's Take on TCP
Mar 17, 2019 Wiki page
Jake Holland's Stance on ECN
Sep 6, 2018 Wiki page
Pete Heist's Thoughts on ECN
Sep 5, 2018 Wiki page
Dave Taht's Stance on ECN
Sep 4, 2018 Wiki page
Jonathan Morton's Take on ECN

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine


Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation

Bufferbloat Related Projects

Congestion Control Blog
Lede Project (OpenWrt)
Flent Network Test Suite
The Cake shaper

Network Performance Related Resources

Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".