HW RNG Generators?

scyto

Aug 8, 2023
I use my Proxmox to learn, not to do what is sensible :-)

So with that out of the way - can anyone educate me on HW RNG generators? Here is where I got to, and my probably stupid questions.

  • I installed a USB HW RNG
  • I validated it produces a stream of data
  • I installed rng-tools-debian
  • I configured the /etc/default/rng-tools-debian file
  • I enabled the service and it says it is supplying the kernel pool from the device I installed

Statements / questions:
  1. I believe this means that the pool /dev/random pulls from now gets filled by the h/w device
  2. Why is the pool capped on the Proxmox kernel at 256 (supposedly it is 4096 on many kernels) and does this matter? (got this answer here)
  3. Does any of this matter, does anyone need a HW RNG or can I just rely on software RNG or the TPM on the mobo (and how the heck do I configure that!)
  4. Why is the userland package rng-tool so old compared to the latest version on GitHub?

I did look at the man pages and they are less than useful in how and why one should use various settings - if anyone has an opinion on what they should be then I would be interested if you have the time to educate me!

(Why did I do this - well, a long time ago I was involved in defence and at the time we used a custom Windows GINA with custom seed and entropy that was unique to each separate environment to prevent Windows passwords from being easily cracked - for context this was over 20 years ago, but the concept of entropy has intrigued me ever since (I am not revealing any secrets, this was a commercial HP product) - we got the entropy for that by having a machine up for days where people, when they came in and out of the building, had to move the mouse, type on the keyboard, etc - we never did attach the mouse to a dildo like one imaginative engineer suggested.)
 
Well, I guess the TPM may be being used after all, that explains why /dev/hwrng is so much slower than /dev/urandom and /dev/random

Code:
root@pve1 21:40:39 /sys/class/misc/hw_random # cat rng_available
tpm-rng-0
root@pve1 21:40:43 /sys/class/misc/hw_random # cat rng_current
tpm-rng-0
root@pve1 21:40:49 /sys/class/misc/hw_random # cat rng_quality
1024
root@pve1 21:40:55 /sys/class/misc/hw_random # cat rng_selected
0

Does this mean both the TPM and the USB-based HW RNG are feeding the kernel?
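
One way to check that from the shell, as an added example that is not part of the original post: it reads the hw_random sysfs files shown above together with the HRNGDEVICE= line of /etc/default/rng-tools-debian and reports the kernel's own hwrng and rngd's input separately. The fallback to /dev/hwrng when HRNGDEVICE is unset is an assumption about rngd's default, and both paths are parameters so the function can be pointed at copies of the files.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: rngd takes its input device from an uncommented HRNGDEVICE= line
# in the defaults file and falls back to /dev/hwrng when there is none.

rng_sources() {
    sysfs=${1:-/sys/class/misc/hw_random}
    defaults=${2:-/etc/default/rng-tools-debian}

    # rng_current is the kernel driver behind /dev/hwrng; rng_quality is the
    # entropy the kernel credits per 1024 bits read; rng_selected is 1 only
    # when an admin chose the driver by writing to rng_current.
    current=$(cat "$sysfs/rng_current" 2>/dev/null || echo none)
    quality=$(cat "$sysfs/rng_quality" 2>/dev/null || echo 0)
    selected=$(cat "$sysfs/rng_selected" 2>/dev/null || echo 0)
    [ -n "$current" ] || current=none

    # Last uncommented HRNGDEVICE= line wins, as it would when the file is sourced.
    dev=$(sed -n 's/^[[:space:]]*HRNGDEVICE=//p' "$defaults" 2>/dev/null \
          | tail -n 1 | tr -d "\"'")
    [ -n "$dev" ] || dev=/dev/hwrng

    if [ "$current" = none ]; then
        echo "kernel-hwrng: none"
    elif [ "$quality" -gt 0 ] 2>/dev/null; then
        echo "kernel-hwrng: $current quality=$quality/1024 user-selected=$selected"
    else
        echo "kernel-hwrng: $current present, quality=0 (no entropy credited)"
    fi

    # A device that is not /dev/hwrng is read by rngd in userspace and injected
    # into the pool; it never shows up in rng_available.
    if [ "$dev" = /dev/hwrng ]; then
        echo "rngd: /dev/hwrng (same device as kernel-hwrng: $current)"
    else
        echo "rngd: $dev (separate source, fed from userspace)"
    fi
}

rng_sources "$@"
```

Two different names in the two output lines mean there are two independent inputs; `rngd: /dev/hwrng` means rngd is only re-reading whatever `rng_current` names.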