As it happens I am the proud owner of a made-in-UK Mathmos Lava Lamp and a couple of their Space Projectors : however I don't use them as a RNG. I am thinking more about the fact that there are a lot of devices which * have no hardware TRNG on board * do have one or more connections to wired or wireless internet and/or wide-area networks and/or various other communications channels such as BTLE or ZigBee * need to make a TLS/DTLS connection somewhere in order to be useful. By "literally in the air" I mean the entropy that is flying around in those radio channels or shared media; not the data which is being transmitted, but the inter-arrival times / collisions / etc. generated by a number of physically independent sources. I am sceptical of using haveged on such devices; of course I should be willing to test it and measure the results, but "measuring randomness" is a tricky business so I would be happy to see the results of some research. My own experiments in the past (with devices which had only a dial-up connection to the mother ship) were singularly unsuccessful in generating any useful degree of randomness. Thanks anyway for the suggestions everyone. > On 05/31/2018 03:03 PM, openssl-users-request@xxxxxxxxxxx distributed: >> Date: Thu, 31 May 2018 18:45:02 +1000 >> From: FooCrypt <openssl@xxxxxxxxxxxx> >> >> Place a teaspoon of fine grade white sand onto the skin of a snare drum > > Macroscopic hardware TRNGs are a *tad* yesteryear > > https://en.wikipedia.org/wiki/Lavarand > > because observing *quantum* random events doesn't require large devices > > https://en.wikipedia.org/wiki/Hardware_random_number_generator > > (not to mention being IIUC harder to influence by an attacker so as to > make them lose randomness). Nonetheless, if you don't have the hardware > (builtin TPM?) and cannot easily connect one to the given platform (as I > suspect for the OP's architecture) ... > > For general computing platforms, I've taken to installing (and, of > course, running and monitoring) haveged as a standard - on hosts *and* > VMs. It can run in an AIS-31 test mode if you want to check out the > entropy it collects. > > https://wiki.archlinux.org/index.php/Haveged > >>> On 31 May 2018, at 6:07 PM, chris.gray@xxxxxxxxx wrote: >>> I've also encountered this quite often, and I have a feeling that on >>> today's connected devices there may be a lot of entropy "in the air" >>> (quite literally) which is not being captured. Does any one know of >>> research in this area? > > Not specifically for mobile phones or WiFi interfaces, if that's what > you're referring to with "in the air". However, squeezing available > entropy out of various less-than-predictable hardware and OS states is > what *all* non-hardware entropy gatherers ultimately do, from the Linux > kernel's /dev/random mechanisms to haveged to what-have-you. > > Regards, > -- > Jochen Bern > Systemingenieur > > www.binect.de > www.facebook.de/binect > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
