• seeding /dev/random from a security key

    From Björn Persson@21:1/5 to All on Mon Mar 25 21:40:02 2024
    Hello!

    In a quest to acquire hardware random number generators for seeding
    /dev/random on servers that lack a built-in entropy source, I'm
    investigating how random data can be obtained from a security key such
    as a Nitrokey, Yubikey or a similar device.

    RNGD version 6 from https://github.com/nhorman/rng-tools can fetch
    random data through a PKCS #11 interface, but the two versions of RNGD
    in Debian seem to lack that ability. Debian has rng-tools5 and
    rng-tools-debian, but not Neil Horman's version 6. Or am I just failing
    to find it?

    SCDrand from https://incenp.org/dvlpt/scdtools.html can also obtain
    random data from a "smartcard"-compatible device, but I don't find that
    in Debian either.

    Does anyone know of another way to obtain random data from devices of
    this kind?

    Björn Persson


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to All on Mon Mar 25 22:30:01 2024
    Hi,

    On Mon, Mar 25, 2024 at 09:24:23PM +0100, Björn Persson wrote:
    > Does anyone know of another way to obtain random data from devices of
    > this kind?

    I have some EntropyKeys and some OneRNGs. I have the rngd packaged
    in Debian feeding /dev/random from them.

    This had an actual noticeable effect in Debian 9 and earlier, but
    since the reworking of Linux's random subsystem I cannot demonstrate
    any benefit unless I disable all use of the RDRAND CPU instruction.

    EntropyKey is a dead product that can no longer be obtained but
    OneRNG is still in production. On their mailing list however, there
    is a recent discussion about whether there is any point. The conclusion
    seems to be "not really". Thread starts here:

    http://lists.ourshack.com/pipermail/discuss/2024-March/000797.html

    The thread covers how to make rngd feed /dev/random from a OneRNG in
    Debian 12, but it is no longer possible to tell if that does
    anything useful.

    I most likely will not be replacing these devices when they fail.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From [email protected]@21:1/5 to Andy Smith on Mon Mar 25 23:10:02 2024
    On 3/25/24 17:27, Andy Smith wrote:
    > The thread covers how to make rngd feed /dev/random from a OneRNG in
    > Debian 12, but it is no longer possible to tell if that does
    > anything useful.

    If not from devices like this, from where does Debian get its randomness?

    --
    For is it not written, wheresoever two or three are gathered
    together, yea they will perform the Parrot Sketch.

    -- Rob on ASR

  • From Greg Wooledge@21:1/5 to [email protected] on Mon Mar 25 23:50:01 2024
    On Mon, Mar 25, 2024 at 06:09:02PM -0400, [email protected] wrote:
    > On 3/25/24 17:27, Andy Smith wrote:
    > > The thread covers how to make rngd feed /dev/random from a OneRNG in
    > > Debian 12, but it is no longer possible to tell if that does
    > > anything useful.
    >
    > If not from devices like this, from where does Debian get its randomness?

    random(4) (i.e. "man 4 random") gives a basic introduction to the topic,
    if you have manpages-dev installed.

  • From Björn Persson@21:1/5 to Andy Smith on Tue Mar 26 00:20:01 2024
    Andy Smith wrote:
    > EntropyKey is a dead product that can no longer be obtained

    I've seen several like that. They're permanently sold out, or the
    webshops are abandoned and half-broken. Pure random number generators
    that are actually possible to buy are rare. That's why I'm
    investigating whether security keys can be used instead. Security keys
    are available from multiple vendors, but it's hard to find any
    information about the random number generators inside them.

    > OneRNG is still in production.

    I tried to buy one of those a while ago, but I couldn't because the
    shop didn't like my card number.

    > On their mailing list however, there
    > is a recent discussion about whether there is any point. The conclusion
    > seems to be "not really". Thread starts here:
    >
    > http://lists.ourshack.com/pipermail/discuss/2024-March/000797.html
    >
    > The thread covers how to make rngd feed /dev/random from a OneRNG in
    > Debian 12, but it is no longer possible to tell if that does
    > anything useful.

    It is indeed harder to tell since Linux stopped keeping track of the
    entropy level, and it's now necessary to force-feed /dev/random
    periodically instead of waiting for the entropy level to drop.

    A random number generator is still useful on a server with no keyboard,
    no spinning disk and no RDRAND or similar processor instruction.
    Otherwise network traffic becomes the only source of entropy, and I'd
    rather not rely solely on events controlled by other computers.

    It also helps to mix entropy from multiple sources, in case one of them
    has a design flaw or a backdoor, or breaks down, or loses its driver
    like in Debian bug 1041007.

    Björn Persson

  • From Björn Persson@21:1/5 to Jeffrey Walton on Tue Mar 26 17:00:01 2024
    Jeffrey Walton wrote:
    > Out of morbid curiosity, what hardware are the servers using? RDRAND
    > and RDSEED have been available since about 2012, so it is mostly
    > ubiquitous nowadays.

    Do you mean I should add to the e-waste pile by throwing away working
    hardware and buy an entire new computer instead of buying a tiny dongle?

    > Be careful of rng-tools. It does not do a good job for non-mainstream
    > generators, like VIA's Padlock Security Engine. And rng-tools did not
    > support generators for architectures, like you would find on ARM,
    > aarch64 and PowerPC.

    I figure it can be used with devices it supports even if there are some
    other devices it doesn't support – but it looks like I'd have to build
    it from source myself.

    > OpenSSL and GnuPG should be
    > able to extract the entropy from the card, and then use it to seed
    > /dev/{u}random.

    This job requires a daemon. OpenSSL is a library. Or do you mean its
    command-line tool? So how would I tell that to fetch random data
    through PKCS #11?

    GnuPG at least has a daemon called scdaemon. Is that what you mean? So
    how would I tell that to fetch random data through PKCS #11 and write
    to /dev/random?

    Björn Persson

  • From Björn Persson@21:1/5 to Jeffrey Walton on Wed Mar 27 00:20:02 2024
    Jeffrey Walton wrote:
    > For what you want to do, and if I am parsing it correctly... I would
    > write a daemon in C [...]

    Only in the unlikely case that both RNGD and SCDrand turn out unsuitable
    somehow. Writing and compiling a daemon is no less work than compiling
    an already written daemon.

    > The part about extracting the entropy from the source would use
    > OpenSSL or GnuPG. I believe you would compile and link to OpenSSL's
    > libcrypto.{a|so}, or GnuPG's libgcrypt.{a|so}.

    RNGD 6 actually uses OpenSC's libp11, where it calls the function
    PKCS11_generate_random, which in turn calls the PKCS #11 function
    C_GenerateRandom.

    Björn Persson

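The kernel-facing half of the "force-feed /dev/random periodically" job discussed above, once bytes have come back from C_GenerateRandom, as an added example that is not code from the thread, RNGD or SCDrand. It wraps the bytes for the RNDADDENTROPY ioctl described in random(4) and refuses constant output from a broken device. The names pool_info, make_pool_info and feed_kernel, the 512-byte limit and the 4-bits-per-byte credit are assumptions made for illustration; fetching from the token is assumed to happen in another program that writes to stdin.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Same layout and request number as RNDADDENTROPY in <linux/random.h>,
 * spelled out here so the example builds without the kernel headers. */
struct pool_info { int entropy_count; int buf_size; unsigned char buf[]; };
#define ADD_ENTROPY _IOW('R', 0x03, int[2])

/* A failed or unplugged device may return a constant fill; never credit it. */
static int looks_stuck(const unsigned char *d, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (d[i] != d[0]) return 0;
    return 1;                        /* single-byte or constant input */
}

/* Build the ioctl argument. bits_per_byte (0..8) is the credit the operator
 * is willing to give this source; it is an assumption, not a measurement. */
struct pool_info *make_pool_info(const unsigned char *d, size_t n, int bits_per_byte) {
    if (n == 0 || n > 512 || bits_per_byte < 0 || bits_per_byte > 8 || looks_stuck(d, n))
        return NULL;
    struct pool_info *p = malloc(sizeof *p + n);
    if (!p) return NULL;
    p->entropy_count = (int)n * bits_per_byte;
    p->buf_size = (int)n;
    memcpy(p->buf, d, n);
    return p;
}

/* Mix the bytes into the kernel pool and credit them. Needs CAP_SYS_ADMIN.
 * Returns 0 on success, -1 if the data was rejected or the ioctl failed. */
int feed_kernel(int fd, const unsigned char *d, size_t n, int bits_per_byte) {
    struct pool_info *p = make_pool_info(d, n, bits_per_byte);
    if (!p) return -1;
    int rc = ioctl(fd, ADD_ENTROPY, p);
    free(p);
    return rc == 0 ? 0 : -1;
}

/* Reads token output from stdin in 64-byte chunks; run as root. */
int main(void) {
    unsigned char chunk[64];
    int fd = open("/dev/random", O_WRONLY);
    ssize_t n;
    if (fd < 0) return 1;
    while ((n = read(STDIN_FILENO, chunk, sizeof chunk)) > 0)
        if (feed_kernel(fd, chunk, (size_t)n, 4) != 0) return 1;
    close(fd);
    return 0;
}
```

Passing 0 as bits_per_byte mixes the data in without crediting it, which suits a source whose generator is undocumented.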