JOURNAL FOR WEDNESDAY 6TH FEBRUARY, 2013
______________________________________________________________________________

SUBJECT: Raspberry Pi hardware random number generator
   DATE: Wed Feb 6 23:03:49 GMT 2013
 POSTED: Sat Feb 9 22:00:01 GMT 2013

I just found out that a bcm2708_rng Linux kernel module was added to the latest
updates available for the Raspberry Pi. Wait a minute, rng? The Pi has a
hardware random number generator? Sweet!

Having used VIA processors with their PadLock RNG I was keen to see if it
worked and how good it was. For comparison I tested on the Pi with and without
the RNG running and also on my workhorse Core i7 860 using rngtest:

  cat /dev/random | rngtest -c 1

Sadly I don't have a running system with a PadLock anymore :( Also on the i7
and Pi without RNG the available entropy is pitiful, usually well below 50. You
can check the amount of available entropy on Linux using:

  cat /proc/sys/kernel/random/entropy_avail

Not enough entropy can cause all sorts of performance problems with things like
SSH, TLS-encrypted email connections, HTTPS on a web server - basically any
kind of cryptography really. The results without an RNG below show how low
entropy can be an issue. This is particularly true on headless servers which
can't collect entropy from keyboards and mice. Generating more entropy on a
headless Pi is particularly painful if you only have ethernet or a WiFi dongle
plugged in.

On to the results!

CORE i7 860 - NO RNG
--------------------

  rngtest: input channel speed: (min=61.002; avg=61.002; max=61.002)bits/s
  rngtest: FIPS tests speed: (min=96.331; avg=96.331; max=96.331)Mibits/s
  rngtest: Program run time: 327855932 microseconds

RASPBERRY PI WITH RNG DISABLED
------------------------------

  rngtest: input channel speed: (min=8.692; avg=8.692; max=8.692)bits/s
  rngtest: FIPS tests speed: (min=6.102; avg=6.102; max=6.102)Mibits/s
  rngtest: Program run time: 2300989476 microseconds

RASPBERRY PI WITH RNG ENABLED
-----------------------------

  rngtest: input channel speed: (min=555.496; avg=555.496; max=555.496)Kibits/s
  rngtest: FIPS tests speed: (min=6.185; avg=6.185; max=6.185)Mibits/s
  rngtest: Program run time: 56197 microseconds

The main points of interest here are the input channel speed and run time:

Now you can buy hardware random number generators such as the Entropy Key[1]
from Simtec electronics for £36+VAT+Shipping. However...

What if you used the entropy generated from the RNG in a Raspberry Pi to feed a
headless server? Would be cheaper. Maybe you could distribute the entropy to
multiple servers? Wonder what the quality of the randomness would be like.

Well, running this seems to work between the Pi and i7:

  ssh 192.168.1.1 cat /dev/random | rngd -f -r /dev/stdin

Testing again on the i7 we now get:

  rngtest: input channel speed: (min=9.232; avg=9.232; max=9.232)Mibits/s
  rngtest: FIPS tests speed: (min=102.546; avg=102.546; max=102.546)Mibits/s
  rngtest: Program run time: 8545 microseconds

Much better :)

But wait! If you are taking all of the randomness from the Pi won't it shrivel
up and be more like a raisin? Well, we are not sucking the Pi dry. If you add
the 'pv' command into the pipeline you can see that more data is only supplied
when it is needed:

  ssh 192.168.1.1 cat /dev/random | pv -Wrb | rngd -f -r /dev/stdin

Yes - I know all this isn't WolfMUD related but... it IS fun!

--
Diddymus

  [1] Simtec Entropy Key http://www.entropykey.co.uk
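
Added example (not part of the original journal entry): rngtest, and rngd before it feeds the kernel pool, judge their input in 20,000-bit blocks using the FIPS 140-2 statistical tests. The Python below implements those four tests so the quality question raised above can be checked on bytes captured from the Pi; the function names, the MSB-first bit order and the two constructed sample blocks are assumptions of this example.

```python
from itertools import groupby

BLOCK_BYTES = 2500  # one FIPS 140-2 block = 20,000 bits

# Allowed number of runs per length (1..5, and 6 or longer), for 0s and 1s alike.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

# Constructed sample inputs: a stuck-at-zero source and a repeating 0101 pattern.
STUCK = bytes(BLOCK_BYTES)
PATTERN = b"\x55" * BLOCK_BYTES

def fips_block(block: bytes) -> dict:
    """Return pass/fail per FIPS 140-2 test for one 2500-byte block."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("FIPS 140-2 tests need exactly 2500 bytes")
    # Assumption: bits are taken MSB first; rngtest may order them differently.
    bits = "".join(f"{b:08b}" for b in block)

    # Monobit: the number of 1 bits must be close to half of 20,000.
    monobit = 9725 < bits.count("1") < 10275

    # Poker: chi-square style statistic over the 5000 four-bit nibbles.
    freq = [0] * 16
    for b in block:
        freq[b >> 4] += 1
        freq[b & 0x0F] += 1
    x = 16 / 5000 * sum(f * f for f in freq) - 5000
    poker = 2.16 < x < 46.17

    # Runs and long run: count maximal runs of identical bits.
    counts = {(bit, n): 0 for bit in "01" for n in RUN_LIMITS}
    longest = 0
    for bit, grp in groupby(bits):
        n = len(list(grp))
        longest = max(longest, n)
        counts[(bit, min(n, 6))] += 1
    runs = all(lo <= counts[(bit, n)] <= hi
               for bit in "01" for n, (lo, hi) in RUN_LIMITS.items())
    return {"monobit": monobit, "poker": poker,
            "runs": runs, "long_run": longest < 26}

def check_stream(data: bytes) -> tuple:
    """Split data into whole blocks; return (passed, failed) block counts."""
    results = [all(fips_block(data[i:i + BLOCK_BYTES]).values())
               for i in range(0, len(data) - BLOCK_BYTES + 1, BLOCK_BYTES)]
    return results.count(True), results.count(False)
```

The PATTERN block passes the monobit and long-run tests yet fails poker and runs, which is why a source is judged on all four tests together. Genuinely random data is expected to fail the occasional block, so judge a source on its failure rate over many blocks rather than on a single result.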