[Discuss] How do I add entropy?
Kent Borg
kentborg at borg.org
Sun Sep 7 08:52:45 EDT 2014
Does GPG use /dev/random? I think so...
On my current Linux installation, Debian 7, my pool size is 4096-bits,
and my last couple Ubuntus were I think the same. That is a lot.
A public key of 4096-bits is like a much shorter symmetric key
(~200-bits?), so unless you are generating a bunch of keys, you
shouldn't have any problem.
The entropy accounting in the kernel is very conservative, and it is an
inherently impossible task unless one can precisely characterize the
source and the kernel can't. By the time GPG is happy with the
entropy it has drawn, you should be perfectly fine. (Assuming GPG
doesn't have some other vulnerability. But it has to be bug free, right?)
As for sources of entropy, this has been a moving target. For a while
the urandom maintainer was removing every source of entropy he couldn't
characterize, which means he was removing nearly everything, which was
stupid. More recently sanity has reigned and the idea is that stirring
the entropy pool is always a good idea, even with predictable data, so
the number of entropy sources is increasing. But who knows which policy is
in your current kernel?
In any event, wiggling the mouse and typing stuff has always been used
as an entropy source.
Drifting off topic, one of my arguments is that on a fast x86 machine
where the timestamp counter is running at a GHz-plus rate, every
time an interrupt comes in the count can be sampled and the lowest order
bits will contain some entropy. Why? Because a GHz-plus clock is really
fast, it is hard to know the precise value of such a clock at any
distance--that's why computer hardware doesn't try to distribute that
fast a clock any distance, the skew gets too much for synchronous
circuits to function.
So if you are running a sane kernel and the ethernet driver interrupts
are used as an entropy source, just receiving a packet will generate
real entropy.
(Unfortunately, ARM chips don't have such a high speed counter. Getting
entropy off a counter of just a few hundred megahertz isn't as good. It
is much easier to know that at a greater distance.)
-kb
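The counter-sampling argument above, as an added example that is not code from the post or from the Linux kernel: it reads the nanosecond monotonic clock right after each of a number of small kernel round trips (standing in for interrupt arrivals), keeps the low-order bits, estimates their min-entropy, and then repeats the estimate with the same stamps rescaled to a slower counter. The function names and the 24 MHz rate used to model a slow ARM counter are assumptions.

```python
"""Estimate the min-entropy in the low bits of a high-rate counter
sampled at event times, and see what a slower counter does to it.
Added example; not from the post or the kernel."""
import math
import os
import time
from collections import Counter

NS_PER_S = 1_000_000_000


def sample_event_timestamps(n: int) -> list[int]:
    """Read the nanosecond clock after each of n 'events'. The event
    here is a tiny kernel round trip (os.urandom(1)); in the kernel
    itself it would be an interrupt arriving. (Assumption: this jitter
    is a fair stand-in for interrupt timing.)"""
    stamps = []
    for _ in range(n):
        os.urandom(1)
        stamps.append(time.perf_counter_ns())
    return stamps


def low_bits(stamps: list[int], k: int, counter_hz: int = NS_PER_S) -> list[int]:
    """Rescale nanosecond stamps to a counter ticking at counter_hz
    (1 GHz = unchanged; a few tens of MHz models a slow ARM counter),
    then keep only the low k bits. Integer math keeps the low bits exact."""
    mask = (1 << k) - 1
    return [((t * counter_hz) // NS_PER_S) & mask for t in stamps]


def min_entropy_bits(values: list[int]) -> float:
    """Min-entropy per sample: -log2 of the most frequent value's
    probability. This is the conservative figure an accounting scheme
    would credit, and it is at most k for k-bit values."""
    counts = Counter(values)
    p_max = max(counts.values()) / len(values)
    return -math.log2(p_max)


if __name__ == "__main__":
    stamps = sample_event_timestamps(4096)
    for hz in (NS_PER_S, 24_000_000):  # 1 GHz vs. a 24 MHz counter (assumed ARM-like rate)
        h = min_entropy_bits(low_bits(stamps, 4, hz))
        print(f"{hz / 1e6:8.0f} MHz counter, low 4 bits: ~{h:.2f} bits min-entropy/sample")
```

The real-clock run only shows a trend, not a guarantee: a min-entropy estimate from a few thousand samples is itself an estimate, which is why the kernel's accounting stays conservative.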