Date: Sun, 27 Mar 2022 11:01:08 +0100 From: Mark Murray <markm@FreeBSD.org> To: freebsd-lists@sensation.net.au Cc: "freebsd-security@freebsd.org" <freebsd-security@FreeBSD.org> Subject: Re: Adding entropy from external source into random number generator - how? Message-ID: <BD197409-7C3D-4FB9-9E7B-4AB9D3F14C2E@FreeBSD.org> In-Reply-To: <Pine.BSF.4.64.2203270426430.33073@satin.sensation.net.au> References: <Pine.BSF.4.64.2203270426430.33073@satin.sensation.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_D75555FF-2A6F-4774-9BEB-85C39903F57B Content-Type: multipart/alternative; boundary="Apple-Mail=_667BF386-02F2-43E4-847F-D0881038806B" --Apple-Mail=_667BF386-02F2-43E4-847F-D0881038806B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 26 Mar 2022, at 17:29, freebsd-lists@sensation.net.au wrote: >=20 > Hi all. I was pointed to this mailing list, so I hope my query is = reasonably on topic. >=20 > I've developed simple firmware on a microcontroller which uses the = values of multiple floating analog inputs to generate random numbers. = I'd like to use this as an external source to add entropy into a FreeBSD = system. OK. Good. > I think the best way to do it would be to call = random_harvest_queue(...), but what do I use as the source enum (see = /usr/include/sys/random.h)? ENTROPYSOURCE, I guess? Add a new one for your source. > I believe it's also possible to open /dev/random for write to inject = entropy, and I'm sure I saw mention of this being available around = 12.0R, but I cannot find any mention of that scenario in the man pages. This is for userland sources. If you are in-kernel, use = random_harvest_queue(9), and be careful that you don't run at high rate = - i.e. if your harvester spends a lot of time waiting for its source, = then good, otherwise sleep to keep the rate down to a trickle. You don't = need more than a maybe a few tens of harvested events per second = maximum. If your source is good, even ten events per second would be = excessive. > I guess the other question to ask is whether ~45 kilobytes per second = of additional entropy is even useful in a typical situation? There's no = strict security requirement or anything like that, it's really just a = fun project that I'm hoping to actually use. :) All entropy is good = entropy, right? What's your threat model? Guessing 256 bits by brute force alone is such a good approximation to = impossible in human timeframes that even a demigod would not bother = trying. Supplying that much entropy per second may be good for = generating "true" randomness only if you believe the accumulator and = generator were broken cryptographically, but for everyday use that would = be excessive by very many orders of magnitude. Having an idea about how good your source is, would be a useful = exercise. A basic and easy measurement would be to calculate the Shannon = entropy of your source. This will give an estimate of the equivalent = number of bits of entropy that it supplies, under the conditions of your = measurement. See = https://en.wikipedia.org/wiki/Entropy_(information_theory) = <https://en.wikipedia.org/wiki/Entropy_(information_theory)>; - H(X) is = the Shannon entropy, measured in bits if b =3D 2 (see lower down in that = page for the definition). M -- Mark R V Murray --Apple-Mail=_667BF386-02F2-43E4-847F-D0881038806B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><br = class=3D""><div><br class=3D""><blockquote type=3D"cite" class=3D""><div = class=3D"">On 26 Mar 2022, at 17:29, <a = href=3D"mailto:freebsd-lists@sensation.net.au" = class=3D"">freebsd-lists@sensation.net.au</a> wrote:</div><br = class=3D"Apple-interchange-newline"><div class=3D""><div class=3D"">Hi = all. I was pointed to this mailing list, so I hope my query is = reasonably on topic.<br class=3D""><br class=3D"">I've developed simple = firmware on a microcontroller which uses the values of multiple floating = analog inputs to generate random numbers. I'd like to use this as an = external source to add entropy into a FreeBSD system.<br = class=3D""></div></div></blockquote><div><br class=3D""></div>OK. = Good.</div><div><br class=3D""><blockquote type=3D"cite" class=3D""><div = class=3D""><div class=3D"">I think the best way to do it would be to = call random_harvest_queue(...), but what do I use as the source enum = (see /usr/include/sys/random.h)? ENTROPYSOURCE, I guess?<br = class=3D""></div></div></blockquote><div><br class=3D""></div>Add a new = one for your source.</div><div><br class=3D""><blockquote type=3D"cite" = class=3D""><div class=3D""><div class=3D"">I believe it's also possible = to open /dev/random for write to inject entropy, and I'm sure I saw = mention of this being available around 12.0R, but I cannot find any = mention of that scenario in the man pages.<br = class=3D""></div></div></blockquote><div><br class=3D""></div>This is = for userland sources. If you are in-kernel, use random_harvest_queue(9), = and be careful that you don't run at high rate - i.e. if your harvester = spends a lot of time waiting for its source, then good, otherwise sleep = to keep the rate down to a trickle. You don't need more than a maybe a = few tens of harvested events per second maximum. If your source is good, = even ten events per second would be excessive.</div><div> <br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = class=3D"">I guess the other question to ask is whether ~45 kilobytes = per second of additional entropy is even useful in a typical situation? = There's no strict security requirement or anything like that, it's = really just a fun project that I'm hoping to actually use. :) All = entropy is good entropy, right?<br = class=3D""></div></div></blockquote><div><br class=3D""></div>What's = your threat model?</div><div><br class=3D""></div><div>Guessing 256 bits = by brute force alone is such a good approximation to impossible in human = timeframes that even a demigod would not bother trying. Supplying that = much entropy per second may be good for generating "true" randomness = only if you believe the accumulator and generator were broken = cryptographically, but for everyday use that would be excessive by very = many orders of magnitude.</div><div><br class=3D""></div><div>Having an = idea about how good your source is, would be a useful exercise. A basic = and easy measurement would be to calculate the Shannon entropy of your = source. This will give an estimate of the equivalent number of bits of = entropy that it supplies, under the conditions of your measurement. = See <a = href=3D"https://en.wikipedia.org/wiki/Entropy_(information_theory)" = class=3D"">https://en.wikipedia.org/wiki/Entropy_(information_theory)</a>&= nbsp;- H(X) is the Shannon entropy, measured in bits if b =3D 2 (see = lower down in that page for the definition).</div><div><br = class=3D""></div><div>M<br class=3D""></div><div class=3D"">-- <br = class=3D"">Mark R V Murray</div> <br class=3D""></body></html>= --Apple-Mail=_667BF386-02F2-43E4-847F-D0881038806B-- --Apple-Mail=_D75555FF-2A6F-4774-9BEB-85C39903F57B Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.2 Comment: GPGTools - http://gpgtools.org iQEzBAEBCgAdFiEEyzPHvybPbOpU9MCxQlsJDh9CUqAFAmJANeQACgkQQlsJDh9C UqC1rQf/WXHX3T6IZdvRgfbr1hexjSCD/rSAeyMN+Td3/AH8InbTuQzm50wKyz0u MDNJ8MFDAxfcCihJjkA5G7vnnkTN7AMes1zCWdfW+pmnu0VXgQN90NDZbAsJUZ7d Gtf1k7IHdRgNb1ZOmqDnwzY626aFUM1lak/Hq9/AEfRjdS3D3LnRhGp4v5Www5tG qrwKRptN+RIi2cd8L1pi9Rh+bblotjvG6d5EMfJYg68chS7/6LrvF938hkwEBJwB h3r1KsqsQ13k1AHRLuXEuOjlbXnr9GyVbA+S3d/Xx32pbSUvZ2t2+bfxwNc71+AJ HIb9cnnW9cJ2n2/4UxY7f3UGZKmTCA== =tu1c -----END PGP SIGNATURE----- --Apple-Mail=_D75555FF-2A6F-4774-9BEB-85C39903F57B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BD197409-7C3D-4FB9-9E7B-4AB9D3F14C2E>