Hi.

I've been playing a bit with "use sound card as an entropy source" idea.
This simple program does what I wanted:

	http://people.freebsd.org/~pjd/misc/sndrand.tbz

The program is very simple, it should be run with two arguments:

	% sndtest /dev/dspW 1048576 > rand.data

This command will generate 1MB of random data.
With my sound card:

	pcm0: <Intel ICH3 (82801CA)> port 0xe100-0xe13f,0xe000-0xe0ff irq 11 at device 31.5 on pci0
	pcm0: [GIANT-LOCKED]
	pcm0: <Cirrus Logic CS4299 AC97 Codec>

It produces very good entropy. I tried those tests to prove its quality:
- FIPS 140-2 tests
- 'ent' tests: http://www.fourmilab.ch/random/
- Famous 'diehard' tests

The full output from diehard tests is here:

	http://people.freebsd.org/~pjd/misc/sndrand_diehard.txt

The idea of using sound card as entropy source was taken from RFC 1750.

If people like the idea and someone more skilled than me in this subject
can review this stuff, we can start to put it into kernel
"random infrastructure". It could also be implemented as userland daemon
which writes collected entropy to /dev/random maybe...

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
In message <20050307130330.GX9291@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes:
>I've been playing a bit with "use sound card as an entropy source" idea.
>This simple program does what I wanted:

Can you give a quick summary:

What sample setting do you use?
What gain setting do you use?

Have you run experiments where you have attached various signal
sources to the input? Music? Pure sine tone?

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Pawel Jakub Dawidek writes:
> The program is very simple, it should be run with two arguments:
>
> 	% sndtest /dev/dspW 1048576 > rand.data
>
> This command will generate 1MB of random data.

Er, not very random.

> With my sound card:
>
> 	pcm0: <Intel ICH3 (82801CA)> port 0xe100-0xe13f,0xe000-0xe0ff irq 11 at device 31.5 on pci0
> 	pcm0: [GIANT-LOCKED]
> 	pcm0: <Cirrus Logic CS4299 AC97 Codec>

Did you have a noise source connected? I generated 1MB of data and
it was not very random at all. "hexdump -C data" showed the data
was very poor indeed.

> It produces very good entropy. I tried those tests to prove its quality:
> - FIPS 140-2 tests
> - 'ent' tests: http://www.fourmilab.ch/random/
> - Famous 'diehard' tests
>
> The full output from diehard tests is here:
>
> 	http://people.freebsd.org/~pjd/misc/sndrand_diehard.txt
>
> The idea of using sound card as entropy source was taken from RFC 1750.

That RFC mentions connecting the sound card to a noise source.

> If people like the idea and someone more skilled than me in this subject
> can review this stuff, we can start to put it into kernel
> "random infrastructure". It could also be implemented as userland daemon
> which writes collected entropy to /dev/random maybe...

I like the idea, but we need a bit more hardware assistance, I think.

M
-- 
Mark Murray
iumop ap!sdn w,I idlaH
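
The question raised in the thread, whether raw capture from an idle input differs from capture with a noise source attached, can be checked with a byte histogram in the spirit of the 'ent' test before any entropy is credited. The following is an added example, not code from sndrand or from any poster; the function names, the constructed idle capture and the Gaussian model of a noise source are assumptions.

```python
import math
import random
import struct
from collections import Counter

def byte_entropy(data):
    """Return (Shannon, min-entropy) in bits per byte, from the byte histogram."""
    counts = Counter(data)
    n = len(data)
    shannon = -sum(c / n * math.log2(c / n) for c in counts.values())
    min_entropy = -math.log2(max(counts.values()) / n)
    return shannon, min_entropy

def creditable_bits(data):
    """Ceiling on entropy to credit: min-entropy per byte times length.
    The histogram ignores correlation between samples, so the true
    figure can be lower, never higher."""
    return int(byte_entropy(data)[1] * len(data))

def pcm16(samples):
    """Pack samples as signed 16-bit little-endian PCM (the 16-bit format
    a device such as /dev/dspW is assumed to deliver)."""
    return struct.pack("<%dh" % len(samples), *samples)

def constructed_idle(n, seed=1):
    """Constructed sample: input with nothing attached, mostly zero
    with occasional one-LSB flicker."""
    rng = random.Random(seed)
    return pcm16([rng.choice((0, 0, 0, 0, 0, 0, 0, 1, -1)) for _ in range(n)])

def constructed_noise(n, seed=2):
    """Constructed sample: stand-in for an attached analogue noise source,
    modelled as Gaussian amplitude (a seeded PRNG, for illustration only)."""
    rng = random.Random(seed)
    clamp = lambda v: max(-32768, min(32767, int(v)))
    return pcm16([clamp(rng.gauss(0, 2000)) for _ in range(n)])

if __name__ == "__main__":
    for name, data in (("idle", constructed_idle(8192)),
                       ("noise", constructed_noise(8192))):
        h, hmin = byte_entropy(data)
        print("%-5s shannon=%.2f min=%.2f credit<=%d of %d bits"
              % (name, h, hmin, creditable_bits(data), 8 * len(data)))
```

Run against a real capture by passing the file's bytes to byte_entropy(); a min-entropy far below the Shannon figure means a few byte values dominate the stream.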