[openssl-users] PRNG is not seeded

Jochen Bern jochen.bern at binect.de
Thu May 31 17:14:12 UTC 2018


On 05/31/2018 03:03 PM, openssl-users-request at openssl.org distributed:
> Date: Thu, 31 May 2018 18:45:02 +1000
> From: FooCrypt <openssl at foocrypt.net>
> 
> Place a teaspoon of fine grade white sand onto the skin of a snare drum

Macroscopic hardware TRNGs are a *tad* yesteryear

https://en.wikipedia.org/wiki/Lavarand

because observing *quantum* random events doesn't require large devices

https://en.wikipedia.org/wiki/Hardware_random_number_generator

(not to mention being IIUC harder to influence by an attacker so as to
make them lose randomness). Nonetheless, if you don't have the hardware
(builtin TPM?) and cannot easily connect one to the given platform (as I
suspect for the OP's architecture) ...

For general computing platforms, I've taken to installing (and, of
course, running and monitoring) haveged as a standard - on hosts *and*
VMs. It can run in an AIS-31 test mode if you want to check out the
entropy it collects.

https://wiki.archlinux.org/index.php/Haveged

>> On 31 May 2018, at 6:07 PM, chris.gray at kiffer.be wrote:
>> I've also encountered this quite often, and I have a feeling that on
>> today's connected devices there may be a lot of entropy "in the air"
>> (quite literally) which is not being captured. Does anyone know of
>> research in this area?

Not specifically for mobile phones or WiFi interfaces, if that's what
you're referring to with "in the air". However, squeezing available
entropy out of various less-than-predictable hardware and OS states is
what *all* non-hardware entropy gatherers ultimately do, from the Linux
kernel's /dev/random mechanisms to haveged to what-have-you.

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect
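
Added example, not part of the original message and not code from haveged or the Linux kernel: a sketch of what "squeezing entropy out of less-than-predictable states" involves, using clock-read timing jitter as the noise source, a simplified most-common-value min-entropy estimate, and SHA-256 as the conditioner. All function names are hypothetical, and the estimate assumes independent samples.

```python
import hashlib
import math
import time
from collections import Counter


def timing_deltas(n):
    """Collect n deltas (ns) between back-to-back monotonic clock reads."""
    deltas, prev = [], time.perf_counter_ns()
    while len(deltas) < n:
        now = time.perf_counter_ns()
        deltas.append(now - prev)
        prev = now
    return deltas


def min_entropy_per_sample(samples):
    """Most-common-value estimate, H_min = log2(N / count_max), in bits per sample.

    Assumes samples are independent; correlated samples carry less than this.
    """
    if not samples:
        return 0.0
    count_max = Counter(samples).most_common(1)[0][1]
    return math.log2(len(samples) / count_max)


def condition(samples, out_bits=256):
    """Hash the low byte of each sample into a seed.

    Returns (seed, credited_bits): the credit is the estimated entropy of the
    input, never more than the digest can hold.
    """
    low = [s & 0xFF for s in samples]
    credited = min(out_bits, math.floor(min_entropy_per_sample(low) * len(low)))
    return hashlib.sha256(bytes(low)).digest(), credited


if __name__ == "__main__":
    raw = timing_deltas(4096)  # live measurement; values differ per host and run
    seed, credited = condition(raw)
    print(f"{min_entropy_per_sample([d & 0xFF for d in raw]):.2f} bits/sample, "
          f"{credited} bits credited, seed {seed.hex()[:16]}...")
```

A source that always returns the same value is credited zero bits no matter how many samples are hashed, which is the failure a monitoring check on an entropy gatherer is meant to catch.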
