Note: the last paragraph mentions `rngtest` as a way to test the quality of the random generator. However, testing `/dev/urandom` also returns ~1000 successes and no failures, so this doesn't really show the strength of the hardware generator compared to the much faster urandom (which I assume produces "less random" results)...
Warning regarding /dev/urandom
Regarding this warning:
Warning: Some tutorials available on the Internet recommend the following line for systems without TRNG: RNGD_OPTS="-o /dev/random -r /dev/urandom" Of course, this is a really bad idea, since you are simple filling the kernel entropy pool with entropy coming from the kernel itself! If your system does not have an available TRNG consider using haveged instead. See FS#34580 for details.
In cursory testing on a variety of kernels (Ubuntu, kernel = 4.4, with hwbacked rng and Fedora, kernel 4.11 without hwrng) and systems using dieharder, a current kernel's /dev/urandom will perform roughly as well as a tpm/hwrng backed /dev/random. That cannot be said for a haveged backed /dev/random. This likely needs to be revisited.
As a note of comparison, /dev/urandom from kernel < 4.8 fails every test in the dieharder suite (Tested on Centos 7, kernel=3.10).
This addition was removed due to lack of citation, the citations are here. The above Wikipedia article discusses the cryptographic security of the underlying algorithm.
- What reference justifies the use of
rngd -r /dev/urandom? As far as I'm aware, this does not depend on any underlying algorithm, but the overall structure of random number generation in the kernel, discussed in this article (linked from the warning in question). AFAIK, it hasn't changed for a long time. -- Lahwaacz (talk) 20:05, 30 June 2017 (UTC)
Obsolete in newer kernels?
Is rng-tools benefit likely reduced for users of Linux kernels version 5.6 and above now, similar to Haveged? I get excellent (>70MB/s) results running the test cited on this page, without any installation of the rng-tools package or any other extra rng tooling present on my system.
From the header of the Haveged page:
The issue comment from Haveged has several links documenting the Linux kernel change, here: https://github.com/jirka-h/haveged/issues/57#issuecomment-803705461
- The specific thing that changed is that
/dev/urandom. Haveged existed because
/dev/randomblocks when it detects that not enough entropy is available. This is not applicable to
/dev/urandom, so it has become obsolete. rng-tools/rngd does the same. Anything that "generates entropy", entropy/random data is infinite after the pool is initialized, is not needed anymore.
- -- NetSysFire (talk) 00:50, 17 August 2021 (UTC)
- Whatever algorithm haveged is using didn't help when generating key pairs on my remotely connected armv7h device, so I had to use rng-tools with /dev/hwrng. Without proper testing, I wouldn't make any conclusion about rng-tools, as there might be situations where a hw random generator is needed. Tinywrkb (talk) 22:43, 23 August 2021 (UTC)