wiki.ipfire.org

The community-maintained documentation platform of IPFire


Entropy

Entropy is really important for cryptography as keys are just random strings of bits.

For a definition of entropy see here: Entropy_(computing)

Gathering entropy

IPFire gathers entropy by measuring the hardware timings of the heads of a physical hard drive, or from human input devices such as mouse movements. Unfortunately, server systems don't have those input devices and very often don't have hard disks either, so they cannot gather entropy at all.

There is also no way to generate entropy in software. No algorithm can be written to do this because no algorithm is random. Therefore, IPFire does not provide any software that aims to generate entropy out of nowhere, which can be very dangerous.

Since version 2.15, IPFire uses entropy from hardware random number generators. It is fed into the kernel and mixed into the entropy pool, which has been increased to 16K of data.

Supported hardware random number generators (HWRNG)

| Vendor | Name | Supported by |
|---|---|---|
| AMD | AMD Geode RNG | ALIX |
| Broadcom | BCM2807 | Raspberry Pi |
| Broadcom | BCM431x | Broadcom 431x WiFi Card (HWRNG device is only present when the WiFi interface is up) |
| Intel | Intel RDRAND | Some Sandy Bridge and Ivy Bridge Processors and all Haswell Processors |
| Virtual Hardware | Red Hat Inc., Virtio RNG | KVM/QEMU can emulate a device that reads entropy from /dev/random of the virtualisation host. |
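
To check whether a system actually has one of these generators bound and what state the kernel pool is in, the standard Linux interfaces under /proc and /sys can be read directly. The script below is an added example, not part of IPFire; the function names and the optional root-prefix argument (used to run it against a copied or constructed tree) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report kernel entropy pool state and hardware RNG presence.
# hwrng_status takes an optional root prefix (hypothetical helper argument);
# with no argument it reads the live /proc and /sys.

read_first() {
    # Print the first line of file $1, or nothing if it is not readable.
    [ -r "$1" ] && head -n 1 "$1" 2>/dev/null || true
}

hwrng_status() {
    root="${1:-}"
    avail=$(read_first "$root/proc/sys/kernel/random/entropy_avail")
    pool=$(read_first "$root/proc/sys/kernel/random/poolsize")
    # hw_random core: drivers that registered, and the one currently in use
    listed=$(read_first "$root/sys/class/misc/hw_random/rng_available")
    current=$(read_first "$root/sys/class/misc/hw_random/rng_current")
    # RDRAND is a CPU instruction, so look for the CPU feature flag
    rdrand=no
    if grep -qw rdrand "$root/proc/cpuinfo" 2>/dev/null; then
        rdrand=yes
    fi

    echo "entropy_avail=${avail:-unknown} poolsize=${pool:-unknown}"
    echo "rng_available=${listed:-none} rng_current=${current:-none} rdrand=$rdrand"

    # The kernel reports "none" in rng_current when no driver is bound,
    # e.g. a BCM431x card whose WiFi interface is down.
    if [ -n "$current" ] && [ "$current" != "none" ]; then
        return 0
    fi
    if [ "$rdrand" = yes ]; then
        return 0
    fi
    return 1
}

hwrng_status "${ROOT:-}" || echo "WARNING: no hardware RNG detected"
```

A non-zero return means neither a bound hw_random driver nor the RDRAND CPU flag was found, which is the situation the section above describes for servers without disks or input devices.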
en/cryptography/entropy.txt · Last modified: 2014/03/29 20:58 by MichaelTremer