New "Jitter Entropy" RNG Proposed For Linux
The Linux kernel RNG implementation for providing random numbers has worked quite well for its years in use. However, a new jitter entropy generator implementation has been proposed that is capable of providing 100 kB/s throughput of randomness.
Among the shortcomings of the current Linux RNG: /dev/random can block; there is no in-kernel equivalent to /dev/random; random and urandom need to be re-seeded during boot; virtualized environments have less entropy available because fewer devices are attached; keys generated for full-disk encryption may not have enough entropy in their pools; and parts of the code contain complex processing.
As a result of these shortcomings, Stephan Mueller has proposed a new entropy generator based on CPU timing jitter. Because it draws on CPU timing jitter, the generator maintains no state and requires no seed, is capable of 100 kB/s throughput in a non-blocking manner through asynchronous generation, should behave better in virtualized environments, has a core entropy collector of only about 10 lines of code, and produces output that passes statistical test suites.
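As an added illustration of the idea described above (this is not Stephan Mueller's kernel module or user-space code), a simplified C collector: each measured time delta is folded to a single bit and mixed into a 64-bit word with no seed and no persistent state, and a repetition-count health check refuses to emit output when the timer looks stuck. The names fold_to_bit, repetition_test and jitter_word, and the cutoff of 32 repeats, are assumptions for this example.

```c
/* Simplified CPU-jitter collector with a health check (added illustration). */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <time.h>
/* Nanosecond timestamp; the entropy comes from how much this drifts. */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}
/* Fold a 64-bit time delta into one bit (XOR parity of all its bits). */
uint64_t fold_to_bit(uint64_t delta) {
    delta ^= delta >> 32; delta ^= delta >> 16; delta ^= delta >> 8;
    delta ^= delta >> 4;  delta ^= delta >> 2;  delta ^= delta >> 1;
    return delta & 1;
}

/* Repetition-count health test: return 0 if any delta repeats 'cutoff'
 * or more times in a row, which indicates a stuck or too-coarse timer. */
int repetition_test(const uint64_t *deltas, size_t n, size_t cutoff) {
    size_t run = 1;
    for (size_t i = 1; i < n; i++) {
        run = (deltas[i] == deltas[i - 1]) ? run + 1 : 1;
        if (run >= cutoff) return 0;
    }
    return 1;
}

/* Time a small memory-touching loop; its duration varies with cache state,
 * interrupts and scheduling. 'volatile' keeps the work from being optimised away. */
static uint64_t one_delta(void) {
    static volatile uint32_t scratch[64];
    uint64_t t0 = now_ns();
    for (unsigned i = 0; i < 64; i++) scratch[i] += i;
    return now_ns() - t0;
}

/* Build one 64-bit word from 64 folded deltas by rotate-and-XOR mixing,
 * refusing to output if the raw deltas fail the health test. Nothing is
 * kept between calls: no seed and no persistent state. Returns 0 on success. */
int jitter_word(uint64_t *out) {
    uint64_t deltas[64], acc = 0;
    for (int i = 0; i < 64; i++) deltas[i] = one_delta();
    if (!repetition_test(deltas, 64, 32)) return -1;  /* cutoff is an assumption */
    for (int i = 0; i < 64; i++) acc = ((acc << 1) | (acc >> 63)) ^ fold_to_bit(deltas[i]);
    *out = acc;
    return 0;
}
```

A real collector would run a far larger number of rounds per output and feed the raw deltas to a full statistical test suite before trusting the source on a given machine.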
Stephan has published this initial working jitter entropy generator code as a Linux kernel module and separately as a user-space application. Meanwhile, some kernel developers have expressed interest in a random number generator implementation based upon AES, but no code has been pushed forward yet.
Those wanting to examine this jitter entropy generator for Linux can find the code and additional details as part of this kernel mailing list post.