From ArchWiki
Jump to navigation Jump to search


Note: the last paragraph mentions `rngtest` as a way to test the quality of the random generator. However, testing `/dev/urandom` also returns ~1000 successes and no failures, so this doesn't really show the strength of the hardware generator compared to the much faster urandom (which I assume produces "less random" results)...

EDIT: Well, maybe urandom isn't that bad

--Gyscos (talk) 04:20, 11 June 2017 (UTC)

Warning regarding /dev/urandom

Regarding this warning:

Warning: Some tutorials available on the Internet recommend the following line for systems without TRNG: RNGD_OPTS="-o /dev/random -r /dev/urandom" Of course, this is a really bad idea, since you are simple filling the kernel entropy pool with entropy coming from the kernel itself! If your system does not have an available TRNG consider using haveged instead. See FS#34580 for details.

This seems less true now. The entropy source for /dev/urandom was rewritten in kernel 4.8 to use chacha20: written by DJ Bernstein:

In cursory testing on a variety of kernels (Ubuntu, kernel = 4.4, with hwbacked rng and Fedora, kernel 4.11 without hwrng) and systems using dieharder, a current kernel's /dev/urandom will perform roughly as well as a tpm/hwrng backed /dev/random. That cannot be said for a haveged backed /dev/random. This likely needs to be revisited.

As a note of comparison, /dev/urandom from kernel < 4.8 fails every test in the dieharder suite (Tested on Centos 7, kernel=3.10).

This addition was removed due to lack of citation, the citations are here. The above Wikipedia article discusses the cryptographic security of the underlying algorithm.

—This unsigned comment is by Osteichthyes (talk) 23:02, 29 June 2017‎. Please sign your posts with ~~~~!

What reference justifies the use of rngd -r /dev/urandom? As far as I'm aware, this does not depend on any underlying algorithm, but the overall structure of random number generation in the kernel, discussed in this article (linked from the warning in question). AFAIK, it hasn't changed for a long time. -- Lahwaacz (talk) 20:05, 30 June 2017 (UTC)

Obsolete in newer kernels?

Is rng-tools benefit likely reduced for users of Linux kernels version 5.6 and above now, similar to Haveged? I get excellent (>70MB/s) results running the test cited on this page, without any installation of the rng-tools package or any other extra rng tooling present on my system.

From the header of the Haveged page:

Note: Haveged is obsolete since kernel v5.6[1][2]

The issue comment from Haveged has several links documenting the Linux kernel change, here:

--- craSH (talk) 16:39, 16 August 2021 (UTC)

The specific thing that changed is that /dev/random effectively became /dev/urandom. Haveged existed because /dev/random blocks when it detects that not enough entropy is available. This is not applicable to /dev/urandom, so it has become obsolete. rng-tools/rngd does the same. Anything that "generates entropy", entropy/random data is infinite after the pool is initialized, is not needed anymore.
-- NetSysFire (talk) 00:50, 17 August 2021 (UTC)
Whatever algorithm haveged is using didn't help when generating key pairs on my remotely connected armv7h device, so I had to use rng-tools with /dev/hwrng. Without proper testing, I wouldn't make any conclusion about rng-tools, as there might be situations where a hw random generator is needed. Tinywrkb (talk) 22:43, 23 August 2021 (UTC)
The discussion above is about /dev/random and /dev/urandom, you've just used /dev/hwrng. — Lahwaacz (talk) 13:57, 25 August 2021 (UTC)