Hi!
I have just made the 0.9.0 release of PRNGD available.
PRNGD is the Pseudo Random Number Generator Daemon.
It has an EGD compatible interface and is designed to provide entropy
on systems not having /dev/*random devices.
Software supporting EGD style entropy requests are openssh, Apache/mod_ssl,
Postfix/TLS... Automatic querying of EGD sockets at fixed locations has
been introduced in the development version of OpenSSL and will be included
in the 0.9.7 release. (Up to now, applications have to access an EGD like
software explicitly.)
This latest version of PRNGD now has its own PRNG built in, so that it does
not need installed OpenSSL libraries any longer (thus it does not make
problems when updating shared libraries).
It now provides the performance I want it to have, minus maybe some small
adjustments in usage or porting, and hence will lead to the 1.0.0 release.
Current (and new :-) users of PRNGD are encouraged to try the new version.
As always, your feedback (porting, bugs, design critics) is welcome.
Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Contents of 00README file:
Overview:
========- This is the PRNGD "Pseudo Random Number Generator Daemon".
It offers an EGD compatible interface to obtain random data and is
intented to be used as an entropy source to feed other software,
especially software based on OpenSSL.
- Like EGD it calls system programs to collect entropy.
- Unlike EGD it does not generate a pool of random bits that can be
called from other software.
Rather more it feeds the bits gathered into its internal PRNG from which
the "random bits" are obtained when requested. This way, PRNGD is
never drained and can never block (unlike EGD), so it is also suitable
to seed inetd-started programs.
It also features a seed-save file, so that it is immediately usable
after system start.
License:
=======- This software is free. You can do with it whatever you want.
I would however kindly ask you to acknowledge the use of this
package, if you are going use it in your software, which you might
be going to distribute. I would also like to receive a note if you
are a satisfied user :-)
Disclaimer:
==========- This software is provided ``as is''. You are using it at
your own risk.
I will take no liability in any case.
Author:
======- Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Usage:
=====Usage of PRNGD is simple:
- Adjust the Makefile and config.h to fit your machine and compile
"prngd".
Install it at a place you like (e.g. /usr/local/sbin).
- Generate an /etc/prngd.conf file with commands to gather entropy. The
format of the file is taken from the OpenSSH-portable package. See the
included examples.
- Generate a start seed by some way. Use
egc.pl /path/to/EGD read 255 > /etc/prngd-seed
or cat some logfiles together
cat /var/adm/syslog/mail.log /var/adm/syslog/syslog.log > /etc/prngd-seed
- Start prngd:
/usr/local/sbin/prngd /var/run/egd-pool
It might take a moment to read the initial seed, if you provided large
files.
Use egc.pl to check prngd really works:
egc.pl /var/run/egd-pool get
should yield the entropy in the PRNG pool as estimated by the PRNG.
Obtain some random data for test
egc.pl /var/run/egd-pool read 255
- You can shut down PRNGD cleanly (it will save actual random data back to
the seed file) by sending it HUP or TERM.
prngd --kill /var/run/egd-pool
will send HUP for you.
egc.pl is part of the EGD package. You already have EGD, don't you??
Don't miss the original EGD!!!
http://www.lothar.com/tech/crypto/
Porting:
=======- PRNGD has been developed on HP-UX 10.20 and (SuSE-)Linux. Support for
other platforms has been provided by:
Solaris 2.6: Louis LeBlanc <leblanc at mirror-image.com>
Solaris 7: Phil Howard <phil-openssh-unix-dev at ipal.net>
NeXTstep 3: Michael Weiser <michael at weiser.saale-net.de>
IRIX 6.5: Michael Weiser <michael at weiser.saale-net.de>
Tru64: James Bourne <jbourne at MtRoyal.AB.CA>
Unixware 7: George Walsh <gjmwalsh at netscape.net> (not finished, yet,
fails
with "bind(): invalid argument"...)
- To port PRNGD to a new platform:
* Check out the compiler and flags in Makefile
* IMPORTANT: Adjust the path names in config.h, as these files are used to
obtain seeding by size and modification/access times very frequently!!
* Provide a prngd.conf file. The format is compatible to OpenSSH, so you
can use a file created by the OpenSSH install process for you.
* Send feedback to me, so that it can be added to the distribution :-)
Todo:
====- Too long to be listed :-)
- Engage "autoconf" to make this thing easier to port and configure.