[openssl-users] PRNG is not seeded

Wed May 30 14:45:43 UTC 2018

> On 30 May 2018, at 11:55 PM, Michael Wojcik <Michael.Wojcik at microfocus.com> wrote:
> 
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of FooCrypt
>> Sent: Tuesday, May 29, 2018 21:41
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] PRNG is not seeded
>> 
>>> On 30 May 2018, at 8:58 AM, Scott Neugroschl <scott_n at xypro.com>
>> wrote:
>>> 
>>> I’m using PRNGD to seed my random numbers (I’m on a system without
>>> /dev/random and /dev/urandom).   I occasionally get the dreaded “PRNG is
>>> not seeded” error.
>> 
>> I don’t know your OS or environment, have you tried the ‘openssl rand’
>> functionality as a random source to seed your entropy issues ?
> 
> Where would openssl rand be getting its entropy from, in this case? You have a circular dependency: openssl needs entropy, so it tries to get it from PRNGD; and you're asking openssl to put entropy into PRNGD.
> 

Usage: rand [options] num
where options are
-out file             - write to file
-engine e             - use engine e, possibly a hardware device.
-rand file:file:... - seed PRNG from files
-base64               - base64 encode output
-hex                  - hex encode output

RAND(1) describes the multiplicity of sources that can all be used together in some detail.

DESCRIPTION
       The rand command outputs num pseudo-random bytes after seeding the random number generator once.  As in other openssl command line tools, PRNG seeding uses the file
       $HOME/.rnd or .rnd in addition to the files given in the -rand option.  A new $HOME/.rnd or .rnd file will be written back if enough seeding was obtained from these sources.

ls -la ~/.rnd
	-rw-------  1 XXXXX  XXXXX  1024 30 May 10:45 .rnd

Make some .rnd’s

	dd if=/dev/[SOMEDEVICE] of=~/.rnd bs=1 count=1024

Make an engine

	Microphones work wonders and you can play with the sound, count, etc….etc….etc...

>> perhaps rather than pseudo random, try a hardware device ?
> 
> Now, this is a case where you might use openssl rand, in conjunction with engine, to get entropy from another source. That could be a useful hack if you can't easily change PRNGD or the application to read entropy from the device.
> 
> For example, I think I successfully used openssl with the pkcs11 engine to get entropy from a NitroKey device a couple of years back, when I was playing around with cheap HSMs.
> 
> Whether something like the NitroKey (which is an inexpensive USB-attached HSM in a thumbdrive form factor) would be useful in this case is something Scott would have to determine.
> 
> If it is, it'd be cleaner if he could change the application to load the pkcs11 engine and use its RNG directly, or at least get entropy from it to seed OpenSSL's PRNG.
> 
>>> I know this is caused by a lack of available entropy in the system; but what
>>> can I do to address this?  Is it just a matter of waiting until enough entropy
>>> has been collected?  Is there any kind of workaround?
> 
> Depends on what sources PRNGD uses (I haven't looked), what the device is, what the application is... If the device has sensors you can read, you might be able to gather some entropy by reading noise from them (though this is somewhat fraught - you don't want to overestimate the amount of entropy, and both sensors and sensor APIs are often vulnerable to attack).
> 
> Sometimes applications ask users to generate some entropy by asking them to  bang on the keyboard or wiggle the mouse, or that sort of thing. Again, it really depends on what your device and application are.
> 
> This topic is discussed at some length in the technical literature; see for example section 3 of RFC 4086.
> 
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
> 
> 
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users