I've been investigating this some more (this time with SlugOSBE-5.3-beta) and it seems like there isn't a hardware random number generator. There isn't any mention of one in the datasheet that I could find for the IXP422 <http://www.alldatasheet.com/datasheet-pdf/pdf/168291/INTEL/FWIXP422BB.html>. And if I try to read it, I get nothing even after waiting several minutes (I do get something from it initially, but subsequent reads yield nothing, even a long while later).
Worse, the initial junk isn't random:
# dd if=/dev/hwrng bs=2500 count=10 | rngtest -t 1
rngtest 2
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
10+0 records in
10+0 records out
rngtest: entropy source drained
rngtest: bits received from input: 200000
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 9
rngtest: FIPS 140-2(2001-10-10) Monobit: 9
rngtest: FIPS 140-2(2001-10-10) Poker: 9
rngtest: FIPS 140-2(2001-10-10) Runs: 9
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 9
rngtest: input channel speed: (min=1.220; avg=5.779; max=389.255)Mibits/s
rngtest: FIPS tests speed: (min=4.023; avg=4.344; max=4.424)Mibits/s
rngtest: Program run time: 88048 microseconds
On the latest attempt, if I try to run rngd with it,
# rngd -f -o /tmp/randomSample -r /dev/hwrng
failed fips test
failed fips test
failed fips test
failed fips test
failed fips test
failed fips test
failed fips test
This continues for a while, and when this initial junk runs out
Segmentation fault
I've tried this across a few reboots and power-downs, and the results appear to be consistent. From this, I'm concluding that without additional hardware, rng-tools (rngd) can't really add anything useful to the entropy pool. I'm also concluding that despite the presence of /dev/hwrng, no *working* hardware random number generator exists on the Linksys NSLU2.
So to reply to my old email (below), without additional hardware, I was just sacrificing precious memory by running rngd.
-Jimmy
On 04/20/08 19:28, Jimmy C. Chau wrote:
I am using SlugOS/BE-4.8-beta. I have noticed that /etc/init.d/rng-tools has an error that prevents rngd from starting: rngd is set to /usr/local/sbin/rngd instead of /usr/sbin/rngd, where it actually is. I have corrected that on my NSLU2, but then I noticed that /dev/hwrandom did not exist; the closest match was /dev/hwrng, so I added the option "-r /dev/hwrng" to the init file.
Now everything appears to work okay. My remaining issues are whether the IXP422 actually has a random number generator; where does /dev/hwrng lead? Am I improving my entropy pool by running rngd (or am I foolishly sacrificing precious memory)? Can someone who knows more about the NSLU2 please enlighten me about this? Thanks in advance.
Below is some more information.
-Jimmy C. Chau
<jchau@bu.edu>
Here is the output from "ipkg info rng-tools"
Package: rng-tools
Version: 2-1
Depends: update-rc.d, libgcc1 (>= 4.1.2), libc6 (>= 2.5)
Status: install ok installed
Section: base
Architecture: armv5teb
Maintainer: OpenEmbedded Team <openembedded-devel@lists.openembedded.org>
MD5Sum: d3d0f6341a38d64ae4404a7196eedca3
Filename: rng-tools_2-1_armv5teb.ipk
Source: http://heanet.dl.sourceforge.net/sourceforge/gkernel/rng-tools-2.tar.gz file://init
Description: Random number generator daemon
Here is my modified /etc/init.d/rng-tools:
#! /bin/sh
#
# This is an init script for openembedded
# Copy it to /etc/init.d/rng-tools and type
# > update-rc.d rng-tools defaults 60
#
# Modified by Jimmy C. Chau <jchau@bu.edu> 2008 Apr 20
# The following line was edited from 'rngd=/usr/local/sbin/rngd'
rngd=/usr/sbin/rngd
test -x "$rngd" || exit 1
rngd_options="-r /dev/hwrng"
case "$1" in
  start)
    echo -n "Starting random number generator daemon"
    start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
    echo "."
    ;;
  stop)
    echo -n "Stopping random number generator daemon"
    start-stop-daemon --stop --quiet -n rngd
    echo "."
    ;;
  reload|force-reload)
    echo -n "Signalling rng daemon restart"
    start-stop-daemon --stop --quiet --signal 1 --exec $rngd
    start-stop-daemon --stop --quiet --signal 1 --exec $rngd
    ;;
  restart)
    echo -n "Stopping random number generator daemon"
    start-stop-daemon --stop --quiet -n rngd
    echo "."
    echo -n "Starting random number generator daemon"
    start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
    echo "."
    ;;
  *)
    echo "Usage: /etc/init.d/rng-tools {start|stop|reload|restart|force-reload}"
    exit 1
esac
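
The rngtest output in the first message counts failures per FIPS 140-2 test on 20000-bit blocks. As an added example (not part of the thread and not rngtest's own code), this sketch implements the four single-block tests with the 2001-10-10 thresholds, so it is visible what a non-random source trips; the function names and sample inputs are constructed here, and the continuous run check from rngtest's output is not covered.

```python
# Added illustration: single-block FIPS 140-2 (2001-10-10) statistical tests.
from itertools import groupby

BLOCK_BYTES = 2500  # 20000 bits, the block size the tests are defined on
# Allowed number of runs of each length (1..5, and 6 or longer), per bit value.
RUN_BOUNDS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def fips_block(block: bytes) -> dict:
    """Return {test name: passed?} for one 2500-byte block."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly 2500 bytes")
    bits = "".join(f"{b:08b}" for b in block)

    # Monobit: the number of one bits must be close to half of 20000.
    monobit = 9725 < bits.count("1") < 10275

    # Poker: chi-square style statistic over the 5000 four-bit nibbles.
    freq = [0] * 16
    for b in block:
        freq[b >> 4] += 1
        freq[b & 0x0F] += 1
    x = 16 / 5000 * sum(f * f for f in freq) - 5000
    poker = 2.16 < x < 46.17

    # Runs and long run: count maximal runs of identical bits by length.
    counts = {(v, n): 0 for v in "01" for n in RUN_BOUNDS}
    longest = 0
    for value, group in groupby(bits):
        n = sum(1 for _ in group)
        longest = max(longest, n)
        counts[(value, min(n, 6))] += 1
    runs = all(lo <= counts[(v, n)] <= hi
               for v in "01" for n, (lo, hi) in RUN_BOUNDS.items())
    return {"monobit": monobit, "poker": poker, "runs": runs,
            "long_run": longest < 26}

def failed_tests(block: bytes) -> list:
    """Sorted names of the tests this block fails (empty list = all passed)."""
    return sorted(name for name, ok in fips_block(block).items() if not ok)

if __name__ == "__main__":
    import os
    # Constructed inputs: a stuck-at-zero source, a 0101... pattern, the OS CSPRNG.
    for label, data in [("all zero", bytes(2500)), ("0x55 pattern", b"\x55" * 2500),
                        ("os.urandom", os.urandom(2500))]:
        print(label, "->", failed_tests(data) or "all tests passed")
```

A patterned source can pass Monobit and Long run while still failing Poker and Runs, which is why the per-test counters in rngtest's summary are worth reading individually.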