[onerng talk] Blinking LED

James Cameron quozl at laptop.org
Thu Jun 18 08:33:51 BST 2015


On Thu, Jun 18, 2015 at 01:47:17PM +1200, Paul Campbell wrote:
> On Thu, 18 Jun 2015 11:37:08 James Cameron wrote:
> >I think I see what you mean.  There is an accumulation, but there's an
> >averaging as well.  An incrementing counter tracks test failures.  The
> >counter is decremented every 1000 test successes.  A time averaging
> >filter that is very sensitive to short term failures.
> 
> >25 failures are needed at a rate exceeding one per 1000 tests, but
> >they need not be consecutive; they can be spread among 25000 tests.
> 
> > > We've talked about creating an option that runs OneRNG data through
> > > OpenSSL AES (with a fixed key) to further whiten the incoming data -
> > > you might want to try this and see if it solves your problem
> > 
> > Don't like the complexity.  I'd be more inclined to increase
> > MAX_RNG_FAILURES (25) or decrease RNG_OK_CREDIT (1000), or rewrite the
> > filter.
> 
> I think that's a great idea .... for you. 
> 
> It doesn't solve the problem for people who just want to do a simple
> install today - I think I'll probably do that this weekend - but
> I'll also add an entry in /etc/onerng.conf that lets you choose to
> turn it off

I've briefly looked at the idea of trying to whiten, and I'm not sure
it will work.  The best source for whitening is more entropy, and it
doesn't seem right to use entropy to make more entropy.  I'm
interested in the results you get.

Meanwhile, I've adjusted my setup to re-run rngd if it exits
normally, and break the loop if the device is removed.  onerng.sh now
has:

		# restart rngd each time it exits normally
		while rngd -f $RNGD_FLAGS -p "/var/lock/LCK..$2" -r "/dev/$2"
		do
			sleep 0.25
			# break the loop once the device has been removed
			if [ ! -c "/dev/$2" ]
			then
				exit 1
			fi
		done

Note the -f flag is added.  Side-effect of leaving the at(1) job
running, it shows up in atq(1).

Tested device removal and reinsert, things seem happy.

So I suggest this as a simpler solution.  ;-)  Think of it as a reset
of the failure counter which causes a brief interruption to
/dev/random service.  Reduce the sleep to make it even more brief.

-- 
James Cameron
http://quozl.linux.org.au/
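
A small C model of the failure filter described in the quoted text above, added here as an example (it is not rngd's source and not part of the original message). It assumes a failure does not reset the running success count, and feeds the filter a constructed pattern in which every Nth test fails.

```c
#include <stdio.h>

#define MAX_RNG_FAILURES 25	/* value quoted in the thread */
#define RNG_OK_CREDIT 1000	/* value quoted in the thread */

/* Hypothetical model of the filter; names below are not rngd's. */
struct filter {
	int failures;	/* goes up by one on every failed test */
	int successes;	/* successes since the last credit */
};

/* Feed one test result. Returns 1 once the failure limit is reached.
 * Assumption: a failure does not reset the running success count. */
static int filter_step(struct filter *f, int test_failed)
{
	if (test_failed)
		return ++f->failures >= MAX_RNG_FAILURES;
	if (++f->successes >= RNG_OK_CREDIT) {
		f->successes = 0;
		if (f->failures > 0)
			f->failures--;	/* one credit per 1000 successes */
	}
	return 0;
}

/* Constructed input: every period-th test fails, all others pass.
 * Returns the test number at which the limit is hit, or 0 if the
 * filter survives `limit` tests. */
long tests_until_trip(long period, long limit)
{
	struct filter f = {0, 0};

	for (long n = 1; n <= limit; n++)
		if (filter_step(&f, n % period == 0))
			return n;
	return 0;
}

int main(void)
{
	const long periods[] = {1, 500, 900, 1000, 2000};

	for (size_t i = 0; i < sizeof periods / sizeof periods[0]; i++)
		printf("1 failure per %4ld tests: trips at test %ld (0 = never)\n",
		       periods[i], tests_until_trip(periods[i], 1000000L));
	return 0;
}
```

In this model, one failure in every 500 tests reaches the limit at test 24000, while one failure in every 1000 tests does not reach it within the first million tests.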

