Note: the last paragraph mentions `rngtest` as a way to test the quality of the random generator. However, testing `/dev/urandom` also returns ~1000 successes and no failures, so this doesn't really show the strength of the hardware generator compared to the much faster urandom (which I assume produces "less random" results)...
Warning regarding /dev/urandom
Regarding this warning:
Warning: Some tutorials available on the Internet recommend the following line for systems without TRNG: RNGD_OPTS="-o /dev/random -r /dev/urandom" Of course, this is a really bad idea, since you are simple filling the kernel entropy pool with entropy coming from the kernel itself! If your system does not have an available TRNG consider using haveged instead. See FS#34580 for details.
In cursory testing on a variety of kernels (Ubuntu, kernel = 4.4, with hwbacked rng and Fedora, kernel 4.11 without hwrng) and systems using dieharder, a current kernel's /dev/urandom will perform roughly as well as a tpm/hwrng backed /dev/random. That cannot be said for a haveged backed /dev/random. This likely needs to be revisited.
As a note of comparison, /dev/urandom from kernel < 4.8 fails every test in the dieharder suite (Tested on Centos 7, kernel=3.10).
This addition was removed due to lack of citation, the citations are here. The above Wikipedia article discusses the cryptographic security of the underlying algorithm.
- What reference justifies the use of
rngd -r /dev/urandom? As far as I'm aware, this does not depend on any underlying algorithm, but the overall structure of random number generation in the kernel, discussed in this article (linked from the warning in question). AFAIK, it hasn't changed for a long time. -- Lahwaacz (talk) 20:05, 30 June 2017 (UTC)