Entropy (computing)

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources (variance in fan noise or HDD), either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

Linux kernel

The Linux kernel generates entropy from keyboard timings, mouse movements, and integrated drive electronics (IDE) timings and makes the random character data available to other operating system processes through the special files /dev/random and /dev/urandom. This capability was introduced in Linux version 1.3.30.[1]

There are some Linux kernel patches allowing one to use more entropy sources.[2] The audio_entropyd project,[3] which is included in some operating systems such as Fedora, allows audio data to be used as an entropy source.[4] Also available are video_entropyd,[5] which calculates random data from a video-source and entropybroker,[6] which includes these three and can be used to distribute the entropy data to systems not capable of running any of these (e.g. virtual machines). Furthermore, one can use the HAVEGE algorithm through haveged to pool entropy.[7] In some systems, network interrupts can be used as an entropy source as well.[8]

OpenBSD kernel

OpenBSD has integrated cryptography as one of its main goals and has always worked on increasing its entropy for encryption but also for randomising many parts of the OS, including various internal operations of its kernel. Around 2011, two of the random devices were dropped and linked into a single source as it could produce hundreds of megabytes per second of high-quality random data on an average system. This made depletion of random data by userland programs impossible on OpenBSD once enough entropy has initially been gathered.

Hurd kernel

A driver ported from the Linux kernel has been made available for the Hurd kernel.[9]

Solaris

/dev/random and /dev/urandom have been available as Sun packages or patches for Solaris since Solaris 2.6,[10] and have been a standard feature since Solaris 9.[11] As of Solaris 10, administrators can remove existing entropy sources or define new ones via the kernel-level cryptographic framework.

A 3rd-party kernel module implementing /dev/random is also available for releases dating back to Solaris 2.4.[10]

OS/2

There is a software package for OS/2 that allows software processes to retrieve random data.[12]

Windows

Microsoft Windows releases newer than Windows 95 use CryptoAPI to gather entropy in a similar fashion to the Linux kernel's /dev/random.[13]

Windows's CryptoAPI uses the binary registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed to store a seeded value from all of its entropy sources.[14]

Because CryptoAPI is closed-source, some free and open source software applications running on the Windows platform use other measures to get randomness. For example, GnuPG, as of version 1.06, uses a variety of sources, such as the number of free bytes in memory, which combined with a random seed generate the randomness it needs.[15]

Programmers using CAPI can get entropy by calling CAPI's CryptGenRandom(), after properly initializing it.[16]

CryptoAPI was deprecated starting with Windows Vista. The new API is called Cryptography API: Next Generation (CNG).[17] Windows's CNG uses the binary registry key HKEY_LOCAL_MACHINE\SYSTEM\RNG\Seed to store a seeded value.

Newer versions of Windows are able to use a variety of entropy sources:

  • TPM if available and enabled on motherboard
  • Entropy from UEFI interface (if booted from UEFI)[18]
  • RDRAND CPU instruction if available
  • Hardware system clock (RTC)
  • OEM0 ACPI table content
  • Interrupt timings
  • Keyboard timings and Mouse movements[19]

Embedded systems

Embedded systems have difficulty gathering enough entropy as they are often very simple devices with short boot times, and key generation operations that require sufficient entropy are often one of the first things a system may do. Common entropy sources may not exist on these devices, or will not have been active long enough during boot to ensure sufficient entropy exists. Embedded devices often lack rotating disk drives, human interface devices, and even fans, and the network interface, if any, will not have been active for long enough to provide much entropy. Lacking easy access to entropy, some devices may use hard-coded keys to seed random generators, or seed random generators from easily guessed unique identifiers such as the device's MAC address. A simple study demonstrated the widespread use of weak keys by finding many embedded systems such as routers using the same keys. It was thought that the number of weak keys found would have been far higher if simple and often attacker-determinable one-time unique identifiers had not been incorporated into the entropy of some of these systems.[20]
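The following is an added example, not taken from the study or from any vendor's firmware. It models the two weak seeding patterns described above beside a corrected one, and shows why a duplicate-key audit alone undercounts weak keys: MAC-seeded keys look unique but can be recomputed from the identifier. The fleet, the seed constant and all function names are constructed for illustration.

```python
import hashlib
import random
import secrets
from collections import defaultdict

# Constructed sample fleet: MAC addresses of three hypothetical devices.
FLEET = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"]
FIRMWARE_SEED = 20110401  # constructed constant baked into a hypothetical image


def key_hardcoded(mac: str) -> bytes:
    """Weak: the seed is identical in every unit, so every unit gets the same key."""
    return random.Random(FIRMWARE_SEED).getrandbits(256).to_bytes(32, "big")


def key_from_mac(mac: str) -> bytes:
    """Weak: unique per device, but fully determined by a public identifier."""
    seed = int(mac.replace(":", ""), 16)
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


def key_from_csprng(mac: str) -> bytes:
    """Corrected: ignore identifiers and draw from the operating system's CSPRNG."""
    return secrets.token_bytes(32)


def fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()[:16]


def shared_keys(keys_by_mac: dict) -> dict:
    """Duplicate-key audit: fingerprints that appear on more than one device."""
    groups = defaultdict(list)
    for mac, key in keys_by_mac.items():
        groups[fingerprint(key)].append(mac)
    return {fp: macs for fp, macs in groups.items() if len(macs) > 1}


def derivable_from_mac(keys_by_mac: dict) -> list:
    """Second audit: devices whose key can be recomputed from the MAC alone."""
    return [mac for mac, key in keys_by_mac.items() if key_from_mac(mac) == key]


def audit(keygen) -> dict:
    """Generate one key per device with `keygen` and run both audits."""
    keys = {mac: keygen(mac) for mac in FLEET}
    return {"shared": shared_keys(keys), "derivable": derivable_from_mac(keys)}


if __name__ == "__main__":
    for gen in (key_hardcoded, key_from_mac, key_from_csprng):
        result = audit(gen)
        print(f"{gen.__name__:16} shared_groups={len(result['shared'])} "
              f"derivable={len(result['derivable'])}")
```

Only the hard-coded seed is caught by the duplicate-key audit; the MAC-seeded fleet passes it and is flagged only by the second check.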

(De)centralized systems

A true random number generator (TRNG) can be a (de)central service. One example of a centralized system where a random number can be acquired is the randomness beacon service from the National Institute of Standards and Technology. The Cardano platform uses the participants of their decentralized proof-of-stake protocol to generate random numbers.[21]

Other systems

There are some software packages that allow one to use a userspace process to gather random characters, exactly what /dev/random does, such as EGD, the Entropy Gathering Daemon.[22]

Hardware-originated entropy

Modern CPUs and hardware often feature integrated generators that can provide high-quality and high-speed entropy to operating systems. On systems based on the Linux kernel, one can read the entropy generated from such a device through /dev/hw_random.[23] However, sometimes /dev/hw_random may be slow.[24][25]

There are some companies manufacturing entropy generation devices, and some of them are shipped with drivers for Linux.[26][27]

On Linux systems, one can install the rng-tools package[28] that supports the true random number generators (TRNGs) found in CPUs supporting the RDRAND instruction, Trusted Platform Modules and in some Intel, AMD, or VIA chipsets,[29] effectively increasing the entropy collected into /dev/random and potentially improving the cryptographic potential. This is especially useful on headless systems that have no other sources of entropy.

Practical implications

System administrators, especially those supervising Internet servers, have to ensure that the server processes will not halt because of entropy depletion. Entropy on servers utilising the Linux kernel, or any other kernel or userspace process that generates entropy from the console and the storage subsystem, is often less than ideal because of the lack of a mouse and keyboard, thus servers have to generate their entropy from a limited set of resources such as IDE timings.

The entropy pool size in Linux is viewable through the file /proc/sys/kernel/random/entropy_avail and should generally be at least 2000 bits (out of a maximum of 4096).[30][31] Entropy changes frequently.
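A monitoring check built on that file, as an added example that is not part of the original article. It samples entropy_avail several times because the value changes frequently, judges the lowest reading against the 2000-bit figure above, and returns a monitoring-plugin style exit code. The sibling file poolsize (not named in the article) is read as well; the fallback to the pool size when the pool is smaller than the threshold is an assumption of this example.

```python
import time
from pathlib import Path

PROC_RANDOM = Path("/proc/sys/kernel/random")  # Linux only
MIN_BITS = 2000                                # figure quoted in the article


def _read_int(path):
    """Return the integer stored in a procfs file, or None if missing or malformed."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


def check_entropy(base=PROC_RANDOM, min_bits=MIN_BITS, samples=3, interval=0.0):
    """Sample entropy_avail several times and judge the lowest reading.

    Returns (exit_code, message) using the common monitoring-plugin
    convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
    """
    base = Path(base)
    pool = _read_int(base / "poolsize")
    readings = []
    for i in range(samples):
        value = _read_int(base / "entropy_avail")
        if value is None:
            return 3, "UNKNOWN: entropy_avail not readable"
        readings.append(value)
        if interval and i < samples - 1:
            time.sleep(interval)
    lowest = min(readings)
    # Assumption of this example: if the kernel reports a pool smaller than
    # the threshold, a full pool is the best possible reading, so compare
    # against the pool size instead of an unreachable figure.
    threshold = min(min_bits, pool) if pool else min_bits
    if lowest == 0:
        return 2, f"CRITICAL: entropy pool empty (0/{pool})"
    if lowest < threshold:
        return 1, f"WARNING: lowest reading {lowest} < {threshold} bits"
    return 0, f"OK: lowest reading {lowest} bits (pool {pool})"


if __name__ == "__main__":
    import sys
    code, msg = check_entropy(interval=1.0)
    print(msg)
    sys.exit(code)
```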

Administrators responsible for systems that have low or zero entropy should not attempt to use /dev/urandom as a substitute for /dev/random as this may cause SSL/TLS connections to have lower-grade encryption.[32]

Some software systems change their Diffie-Hellman keys often, and this may in some cases help a server to continue functioning normally even with an entropy bottleneck.[33]

On servers with low entropy, a process can appear hung when it is waiting for random characters to appear in /dev/random (on Linux-based systems). For example, there was a known problem in Debian that caused exim4 to hang in some cases because of this.[34]

Security

Entropy sources can be used for keyboard timing attacks.[35]

Entropy can affect the cryptography (TLS/SSL) of a server: If a server fails to use a proper source of randomness, the keys generated by the server will be insecure. In some cases a cracker (malicious attacker) can guess some bits of entropy from the output of a pseudorandom number generator (PRNG), and this happens when not enough entropy is introduced into the PRNG.[36]

Potential sources

Commonly used entropy sources include the mouse, keyboard, and IDE timings, but there are other potential sources. For example, one could collect entropy from the computer's microphone, or by building a sensor to measure the air turbulence inside a disk drive.[37]

For Unix/BSD derivatives there exists a USB-based solution that utilizes an ARM Cortex CPU for filtering and securing the bit stream generated by two entropy generator sources in the system.[38]

Cloudflare use an image feed from a rack of 80 lava lamps as an additional source of entropy.[39]

References

  1. ^ random(4) - Linux man page Archived 2007-10-11 at the Wayback Machine (die.net)
  2. ^ "Robotic Tendencies » Missing entropy". Archived from the original on 2022-12-06. Retrieved 2023-05-23.
  3. ^ "audio entropy daemon". March 23, 2021. Archived from the original on 2021-03-23.
  4. ^ "Fedora Package Database – audio-entropyd".
  5. ^ "video_entropyd". March 23, 2021. Archived from the original on 2021-03-23.
  6. ^ "Entropy Broker". May 29, 2020. Archived from the original on 2020-05-29.
  7. ^ "haveged – A simple entropy daemon". Archived from the original on 27 October 2012. Retrieved 3 April 2011.
  8. ^ "Entropy and Random Devices | LinuxLink by TimeSys – Your Embedded Linux Resource". Archived from the original on 2016-04-02. Retrieved 2007-10-15.
  9. ^ /dev/{,u}random driver for GNU/Hurd Archived 2007-09-18 at the Wayback Machine (ibofobi.dk)
  10. ^ a b "Solaris /dev/random through emulation". Archived from the original on 2007-11-04. Retrieved 2007-10-15.
  11. ^ "Solaris /dev/random". Archived from the original on 2008-05-11. Retrieved 2007-10-17.
  12. ^ "Rexx Entropy Gathering Daemon for OS/2". r6.ca. Archived from the original on 2007-10-31. Retrieved 2007-10-15.
  13. ^ Malayter, Ryan (November 9, 2001). "GPL command-line shred alternative for Windows". Archived from the original on October 27, 2021. Retrieved May 23, 2023.
  14. ^ "Source for entropy on Windows platforms with CryptoAPI installed". www.mail-archive.com. Archived from the original on 2018-10-02. Retrieved 2023-05-23.
  15. ^ Malayter, Ryan (February 15, 2002). "How does Windows GnuPG generate random numbers on keygen?". Archived from the original on December 1, 2021. Retrieved May 23, 2023.
  16. ^ "[or-cvs] Get entropy in windows". archives.seul.org. Archived from the original on 2013-05-07. Retrieved 2023-05-23.
  17. ^ "About CNG - Win32 apps". Archived from the original on 2018-05-17. Retrieved 2018-05-17.
  18. ^ "UEFI entropy gathering protocol - Windows drivers". Archived from the original on 2018-05-17. Retrieved 2018-05-17.
  19. ^ "CryptGenRandom function (Wincrypt.h) - Win32 apps". Archived from the original on 2020-08-12. Retrieved 2020-08-31.
  20. ^ Constantin, Lucian. "Millions of embedded devices use the same hard-coded SSH and TLS private keys". Network World. Archived from the original on 2018-11-05. Retrieved 2018-11-05.
  21. ^ "A solution for scalable randomness". iohk.io. June 6, 2017. Archived from the original on April 17, 2021. Retrieved September 14, 2020.
  22. ^ "Random Numbers". dwheeler.com. Archived from the original on 2022-12-30. Retrieved 2023-05-23.
  23. ^ "'Re: SSL/TLS entropy problem,' - MARC". marc.info. Archived from the original on 2018-11-15. Retrieved 2023-05-23.
  24. ^ "Re: /dev/hw_random". Archived from the original on 2007-10-31. Retrieved 2007-10-15.
  25. ^ "Re: /dev/hw_random". Archived from the original on 2007-11-12. Retrieved 2007-10-15.
  26. ^ "Random Noise Sources". Archived from the original on 2007-11-21. Retrieved 2007-10-15.
  27. ^ http://random.com.hr/products/random/hg324.html Archived 2008-05-13 at the Wayback Machine
  28. ^ "rng-tools". Archived from the original on 2007-10-21. Retrieved 2007-10-16.
  29. ^ "Linux support for random number generator in i8xx chipsets — The Linux Kernel documentation". www.kernel.org. 2000. Archived from the original on 31 July 2013.
  30. ^ "Re: [exim] no reply to STARTTLS". lists.exim.org. Archived from the original on 2012-07-22. Retrieved 2023-05-23.
  31. ^ random(4) Linux man page Archived 2007-10-11 at the Wayback Machine, die.net
  32. ^ "'SSL/TLS entropy problem, aka pops timeouts (was: sasl ldap problem)' - MARC". marc.info. Archived from the original on 2018-11-15. Retrieved 2023-05-23.
  33. ^ Josefsson, Simon; [TLS] Re: Short Ephermal Diffie-Hellman keys Archived 2007-11-11 at the Wayback Machine (ietf.org mailing list)
  34. ^ "[gnutls-dev] gnutls_rsa_params_init hangs. Is regenerating rsa-params once a day too frequent?". lists.gnupg.org. 14 December 2004. Archived from the original on 2007-01-17.
  35. ^ Zalewski, Michal; Unix entropy source can be used for keystroke timing attacks Archived 2011-07-19 at the Wayback Machine, 2003
  36. ^ Re: entropy depletion (was: SSL/TLS passive sniffing) Archived 2011-05-17 at the Wayback Machine, 2005
  37. ^ "Build your own cryptographically safe server/client protocol - 4.8.3. Collecting entropy". Archived from the original on 2012-07-23. Retrieved 2020-01-08.
  38. ^ "Simtec Electronics Entropy Key: USB True Random Number Generator". www.entropykey.co.uk. Archived from the original on July 22, 2010.
  39. ^ "Randomness 101: LavaRand in Production". The Cloudflare Blog. November 6, 2017. Archived from the original on May 1, 2023. Retrieved May 23, 2023.
