In my previous blogpost I talked about the true random number generator (TRNG) within the Raspberry Pi. Now I am using it for a small online pre-shared key (PSK) generator at https://random.weberlab.de (IPv6-only) that you can use e.g. for site-to-site VPNs. Here are some details how I am reading the binary random data and how I built this small website.
This project is just for fun. I am using a Raspberry Pi 2 B with Raspbian GNU/Linux 9 (stretch), Kernel 4.9.59-v7+. It is accessible via IPv6 only. It consists of two parts: the random generation and the PHP script that reads it.
rng-tools
The hardware random generator is available on all Raspberry Pi models. With root privileges you can read out random data from /dev/hwrng. In order to route the hwrng to /dev/random you must install the rng-tools:
|
1 2 |
sudo apt-get update sudo apt-get install rng-tools |
(Other guides list some more commands to edit the /etc/default/rng-tools file in order to set the hardware device, but I didn’t need that. In my case it was running out of the box without any further configuration.)
Now you can read random data from /dev/random without (!) root privileges such as: (with base64 encoding to have the binary random readable)
|
1 |
head -c 112 /dev/random | base64 -w 30 |
Just for interest you can watch the entropy_avail file which shows the current available entropy. Without the hardware random generator this would immediately decrease and only increase slowly. With the hwrng it stays between 2000-4000 constantly even if you read out random data quite often. You can use the following command to watch the available entropy while refreshing the output every 0.5 seconds:
|
1 |
watch -n 0.5 cat /proc/sys/kernel/random/entropy_avail |
PHP Script
I am using a small PHP script that reads out random data from /dev/random and encodes it with base64 to have only printable characters. I adjusted the length to read out 21 bytes = 168 bits to have 28 chars after the base64 encoding which is a very good starting point for PSKs. That is: The security level is 168 bits for these random data which is quite good!
This is the PHP code snippet:
|
1 2 3 |
<?php print exec("head -c 21 /dev/random | base64"); ?> |
When you look at the page at https://random.weberlab.de you’ll see the quick-and-dirty approach. ;) Give it a try and press F5 for a couple of times – just for fun. Feel free to pick up a random string for your passwords, PSKs, whatever. Note that this servers runs at IPv6-only. If you don’t have IPv6 yet, go and ask your ISP or admin for it! (A last resort would be the usage of an online IPv6 proxy such as http://www.ipv6proxy.net/ to get an idea of the site.) Anyway, this is a screenshot:
And of course I am using only TLS secured https. Thanks to Let’s Encrypt.
Featured image “44742” by Tekniska museet is licensed under CC BY 2.0.
If there is anything I could change about the Linux kernel, it would be the following:
1. Get rid of the blocking /dev/random, and just symlink it to /dev/urandom
2. Remove the misunderstood /proc/sys/kernel/random/entropy_avail file
3. Block reading from /dev/urandom on boot until it’s been sufficiently seeded
Something you might want to be aware of, and may cause you to stop seeding /dev/urandom with the RPi HWRNG:
https://twitter.com/DefuseSec/status/408975222163795969
Basically, this shows that if the HWRNG (like RDRAND or the RPi) knows the state of the CSPRNG, it can manipulate the state, to provide compromised output (IE: a backdoor).
One quick comment- if you wanted https://random.weberlab.de/ to be fully trusted, rather than generating the PSK server-side, and sending it to the page, generate it client-side in JavaScript with window.crypto.getRandomValues(), which uses the browser’s CSPRNG (Chrome and Firefox both fallback to the OS CSPRNG for the data). Then people can be assured that you’re not logging the generated keys with IP addresses. Just a thought.
Hey Aaron. Thanks a lot for your comments. Really appreciate it.
Yes, I would not trust a server-side PSK generation as well. ;) It’s more or less a hobby project to have this TRNG running at the Pi. At least I can use it myself since I really know that I am not logging the keys.
Hello.
Is there really a hardware random number generator installed? Not just a pseudo-random generator?
I am only aware of two methods.
First, the decay of a radioactive element such as strontium 90.
Second, quantum tunneling.
As in this USB stick: https://ubld.it/truerng_v3
Roger Nelson called him, when I emailed Princeton University.
They also use it after the end of “PEAR” in “The Global Consciousness Project”.
But if a Raspberry PI can do the same thing, i don’t need to order such a USB stick.
Such a PI can also be used more universally.
I also need software, and the manufacturer told me they don’t have any software.
Nothing, no demo software, no knowledge of the existence of software from elsewhere, etc.
Because I have no programming knowledge, I need something for finished software to be available.
Or someone writes the few lines of code for the general public.
Maybe I am underestimating the effort, but the stick spits out the random numbers connected via a virtual COM port.
For the beginning, something would be good that shows 50/50 (e.g. as coins, heads or tails, or black / white etc.), and below that also logs how often which result occurred.
E.g. combined with a timer for a measurement over 1, 2, 3 … minutes.
Hey Tobias,
AFAIK there are some more random sources in the real world, such as: https://en.wikipedia.org/wiki/Hardware_random_number_generator#Classical_random_properties
Whether or not the TRNG on the Pi is *really* a *proven* TRNG is not decided by me. ;) I would not recommend it for enterprise security services unless someone has really checked the (open source?) hardware design, and so on. For me, it perfectly fits for playing around with it.
Cheers
Johannes
Hello Tobias
did you succeded with the ” Global Consciousness Project”?
E.g. I m thinking about using the Raspberry as a RNG for experimantaion.
Did you finished such a project?
I want to play with randomness too ;-)
Let me know please.
Thanks
Laco