[Ach] Random number generators (was Bug/Ba in OpenSSL)

Ralf Schlatterbeck rsc at runtux.com
Tue Nov 26 15:49:08 CET 2013

On Tue, Nov 26, 2013 at 01:28:50PM +0100, Adi Kriegisch wrote:
> Hi!
> > I still don’t think that we should recommend switching to other RNGs
> > then those provided by the OS. If we do so, please cite why one
> > should do that.
> Actually we're talking about two things here: HAVEGE and haveged: HAVEGE is
> an algorithm and haveged is a Linux/UNIX daemon that injects its entropy
> into the Linux/UNIX entropy pool.

Yes, but haveged is an implementation of the original 2003 HAVEGE
algorithm. And, yes, I agree that this implementation should be used if
we recommend anything. I haven't looked at the code though.

> Switching from /dev/(u)random to something else is ridiculous as a
> recommendation for our paper.


> The question is wether it makes sense to suggest using haveged as an
> additional source of entropy on a server.

I think for embedded devices it definitely makes sense to run haveged
for getting more entropy. Sad fact is that OpenSSL doesn't seem to be
configurable to use /dev/random instead of /dev/urandom, otherwise I'd
recommend that too, at least for embedded devices.

> (btw. I checked KVM and XEN on a recent Debian for availability of
> RDRTC in guests and both of them implement that function and *do NOT*
> just return 0 or 1, so there should be at least some entropy comming
> out of haveged...

Thats good news. It would be interesting where the RTC values come from
(from the host kernel?) Note that the kernel RNG also needs a working
clock source.

Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office at runtux.com
allmenda.com member                     email: rsc at allmenda.com

More information about the Ach mailing list