In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources (variance in fan noise or HDD), either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

Linux kernel

The Linux kernel generates entropy from keyboard timings, mouse movements, and integrated drive electronics (IDE) timings and makes the random character data available to other operating system processes through the special files /dev/random and /dev/urandom. This capability was introduced in Linux version 1.3.30.

There are some Linux kernel patches allowing one to use more entropy sources. The audio_entropyd project, which is included in some operating systems such as Fedora, allows audio data to be used as an entropy source. Also available are video_entropyd, which calculates random data from a video source, and entropybroker, which includes these three and can be used to distribute the entropy data to systems not capable of running any of these (e.g. virtual machines). Furthermore, one can use the HAVEGE algorithm through haveged to pool entropy. In some systems, network interrupts can be used as an entropy source as well.

OpenBSD kernel

OpenBSD has integrated cryptography as one of its main goals and has always worked on increasing its entropy for encryption but also for randomising many parts of the OS, including various internal operations of its kernel. Around 2011, two of the random devices were dropped and linked into a single source as it could produce hundreds of megabytes per second of high-quality random data on an average system. This made depletion of random data by userland programs impossible on OpenBSD once enough entropy has initially been gathered.

Hurd kernel

A driver ported from the Linux kernel has been made available for the Hurd kernel.

Solaris

/dev/random and /dev/urandom have been available as Sun packages or patches for Solaris since Solaris 2.6, and have been a standard feature since Solaris 9. As of Solaris 10, administrators can remove existing entropy sources or define new ones via the kernel-level cryptographic framework.

A 3rd-party kernel module implementing /dev/random is also available for releases dating back to Solaris 2.4.

OS/2

There is a software package for OS/2 that allows software processes to retrieve random data.

Windows

Microsoft Windows releases newer than Windows 95 use CryptoAPI to gather entropy in a similar fashion to Linux kernel's /dev/random.

Windows's CryptoAPI uses the binary registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed to store a seeded value from all of its entropy sources.

Because CryptoAPI is closed-source, some free and open source software applications running on the Windows platform use other measures to get randomness. For example, GnuPG, as of version 1.06, uses a variety of sources, such as the number of free bytes in memory, which combined with a random seed generate the randomness it needs.

Programmers using CAPI can get entropy by calling CAPI's CryptGenRandom(), after properly initializing it.

CryptoAPI was deprecated from Windows Vista and higher. The new API is called Cryptography API: Next Generation (CNG). Windows's CNG uses the binary registry key HKEY_LOCAL_MACHINE\SYSTEM\RNG\Seed to store a seeded value.

Newer versions of Windows are able to use a variety of entropy sources:

- TPM if available and enabled on motherboard
- Entropy from UEFI interface (if booted from UEFI)
- RDRAND CPU instruction if available
- Hardware system clock (RTC)
- OEM0 ACPI table content
- Interrupt timings
- Keyboard timings and mouse movements

Embedded systems

Embedded systems have difficulty gathering enough entropy as they are often very simple devices with short boot times, and key generation operations that require sufficient entropy are often one of the first things a system may do. Common entropy sources may not exist on these devices, or will not have been active long enough during boot to ensure sufficient entropy exists. Embedded devices often lack rotating disk drives, human interface devices, and even fans, and the network interface, if any, will not have been active for long enough to provide much entropy. Lacking easy access to entropy, some devices may use hard-coded keys to seed random generators, or seed random generators from easily guessed unique identifiers such as the device's MAC address. A simple study demonstrated the widespread use of weak keys by finding many embedded systems such as routers using the same keys. It was thought that the number of weak keys found would have been far higher if simple and often attacker-determinable one-time unique identifiers had not been incorporated into the entropy of some of these systems.

(De)centralized systems

A true random number generator (TRNG) can be a (de)central service. One example of a centralized system where a random number can be acquired is the randomness beacon service from the National Institute of Standards and Technology. The Cardano platform uses the participants of their decentralized proof-of-stake protocol to generate random numbers.

Other systems

There are some software packages that allow one to use a userspace process to gather random characters, exactly what /dev/random does, such as EGD, the Entropy Gathering Daemon.

Hardware-originated entropy

Modern CPUs and hardware often feature integrated generators that can provide high-quality and high-speed entropy to operating systems. On systems based on the Linux kernel, one can read the entropy generated from such a device through /dev/hw_random. However, sometimes /dev/hw_random may be slow;

There are some companies manufacturing entropy generation devices, and some of them are shipped with drivers for Linux.

On Linux systems, one can install the rng-tools package that supports the true random number generators (TRNGs) found in CPUs supporting the RDRAND instruction, Trusted Platform Modules and in some Intel, AMD, or VIA chipsets, effectively increasing the entropy collected into /dev/random and potentially improving the cryptographic potential. This is especially useful on headless systems that have no other sources of entropy.

Practical implications

System administrators, especially those supervising Internet servers, have to ensure that the server processes will not halt because of entropy depletion. Entropy on servers utilising the Linux kernel, or any other kernel or userspace process that generates entropy from the console and the storage subsystem, is often less than ideal because of the lack of a mouse and keyboard, thus servers have to generate their entropy from a limited set of resources such as IDE timings.

The entropy pool size in Linux is viewable through the file /proc/sys/kernel/random/entropy_avail and should generally be at least 2000 bits (out of a maximum of 4096). Entropy changes frequently.

Administrators responsible for systems that have low or zero entropy should not attempt to use /dev/urandom as a substitute for /dev/random as this may cause SSL/TLS connections to have lower-grade encryption.

Some software systems change their Diffie-Hellman keys often, and this may in some cases help a server to continue functioning normally even with an entropy bottleneck.

On servers with low entropy, a process can appear hung when it is waiting for random characters to appear in /dev/random (on Linux-based systems). For example, there was a known problem in Debian that caused exim4 to hang in some cases because of this.

Security

Entropy sources can be used for keyboard timing attacks.

Entropy can affect the cryptography (TLS/SSL) of a server: If a server fails to use a proper source of randomness, the keys generated by the server will be insecure. In some cases a cracker (malicious attacker) can guess some bits of entropy from the output of a pseudorandom number generator (PRNG), and this happens when not enough entropy is introduced into the PRNG.

Potential sources

Commonly used entropy sources include the mouse, keyboard, and IDE timings, but there are other potential sources. For example, one could collect entropy from the computer's microphone, or by building a sensor to measure the air turbulence inside a disk drive.

For Unix/BSD derivatives there exists a USB-based solution that utilizes an ARM Cortex CPU for filtering / securing the bit stream generated by two entropy generator sources in the system.

Cloudflare uses an image feed from a rack of 80 lava lamps as an additional source of entropy.

See also

- Entropy (information theory)
- Entropy
- Randomness