Entropy (computing)

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources (variance in fan noise or HDD), either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

Linux kernel

The Linux kernel generates entropy from keyboard timings, mouse movements, and integrated drive electronics (IDE) timings and makes the random character data available to other operating system processes through the special files /dev/random and /dev/urandom. This capability was introduced in Linux version 1.3.30.[1]

There are some Linux kernel patches allowing one to use more entropy sources.[2] The audio_entropyd project,[3] which is included in some operating systems such as Fedora, allows audio data to be used as an entropy source.[4] Also available are video_entropyd,[5] which calculates random data from a video-source and entropybroker,[6] which includes these three and can be used to distribute the entropy data to systems not capable of running any of these (e.g. virtual machines). Furthermore, one can use the HAVEGE algorithm through haveged to pool entropy.[7] In some systems, network interrupts can be used as an entropy source as well.[8]

OpenBSD kernel

OpenBSD has integrated cryptography as one of its main goals and has always worked on increasing its entropy for encryption but also for randomising many parts of the OS, including various internal operations of its kernel. Around 2011, two of the random devices were dropped and linked into a single source as it could produce hundreds of megabytes per second of high quality random data on an average system. This made depletion of random data by userland programs impossible on OpenBSD once enough entropy has initially been gathered.

Hurd kernel

A driver ported from the Linux kernel has been made available for the Hurd kernel.[9]

Solaris

/dev/random and /dev/urandom have been available as Sun packages or patches for Solaris since Solaris 2.6,[10] and have been a standard feature since Solaris 9.[11] As of Solaris 10, administrators can remove existing entropy sources or define new ones via the kernel-level cryptographic framework.

A 3rd-party kernel module implementing /dev/random is also available for releases dating back to Solaris 2.4.[10]

OS/2

There is a software package for OS/2 that allows software processes to retrieve random data.[12]

Windows

Microsoft Windows releases newer than Windows 95 use CryptoAPI to gather entropy in a similar fashion to Linux kernel's /dev/random.[13]

Windows's CryptoAPI uses the binary registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed to store a seeded value from all of its entropy sources.[14]

Because CryptoAPI is closed-source, some free and open source software applications running on the Windows platform use other measures to get randomness. For example, GnuPG, as of version 1.06, uses a variety of sources, such as the number of free bytes in memory, which combined with a random seed generate the randomness it needs.[15]

Programmers using CAPI can get entropy by calling CAPI's CryptGenRandom(), after properly initializing it.[16]

CryptoAPI was deprecated as of Windows Vista. The new API is called Cryptography API: Next Generation (CNG).[17] Windows's CNG uses the binary registry key HKEY_LOCAL_MACHINE\SYSTEM\RNG\Seed to store a seeded value.

Newer versions of Windows are able to use a variety of entropy sources:

  • TPM if available and enabled on motherboard
  • Entropy from UEFI interface (if booted from UEFI)[18]
  • RDRAND CPU instruction if available
  • Hardware system clock (RTC)
  • OEM0 ACPI table content
  • Interrupt timings
  • Keyboard timings and mouse movements[19]

Embedded systems

Embedded systems have difficulty gathering enough entropy as they are often very simple devices with short boot times, and key generation operations that require sufficient entropy are often one of the first things a system may do. Common entropy sources may not exist on these devices, or will not have been active long enough during boot to ensure sufficient entropy exists. Embedded devices often lack rotating disk drives, human interface devices, and even fans, and the network interface, if any, will not have been active for long enough to provide much entropy. Lacking easy access to entropy, some devices may use hard-coded keys to seed random generators, or seed random generators from easily guessed unique identifiers such as the device's MAC address. A simple study demonstrated the widespread use of weak keys by finding many embedded systems such as routers using the same keys. It was thought that the number of weak keys found would have been far higher if simple and often attacker determinable one-time unique identifiers had not been incorporated into the entropy of some of these systems.[20]
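The following is an added example, not code from the article or its sources. It shows why a fleet-wide scan for shared keys catches hard-coded seeds but misses MAC-derived ones, even though both regenerate the same key on every provisioning run. The device names, MAC addresses, `FACTORY_SEED` and the hash-based `derive_key` stand-in for real key generation are all constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed fleet: device name -> MAC address (sample values, not real devices).
FLEET = {
    "router-a": "02:00:5e:10:00:01",
    "router-b": "02:00:5e:10:00:02",
    "router-c": "02:00:5e:10:00:03",
}
FACTORY_SEED = b"factory-default-seed"  # hypothetical constant baked into firmware


def derive_key(seed):
    """Toy stand-in for key generation: the key is a pure function of the seed."""
    return hashlib.sha256(b"toy-keygen" + seed).digest()


def provision(mac, mode):
    """Generate a device key using one of three seeding strategies."""
    if mode == "hardcoded":        # same seed on every unit
        seed = FACTORY_SEED
    elif mode == "mac":            # unique per unit, but not secret
        seed = bytes.fromhex(mac.replace(":", ""))
    elif mode == "os":             # seed taken from the operating system's RNG
        seed = os.urandom(32)
    else:
        raise ValueError("unknown seeding mode: " + mode)
    return derive_key(seed)


def fingerprint(key):
    """Short identifier for a key, as an inventory scan would record it."""
    return hashlib.sha256(key).hexdigest()[:16]


def shared_keys(inventory):
    """Return fingerprint -> device names for every key used by more than one device."""
    groups = defaultdict(list)
    for device, key in inventory.items():
        groups[fingerprint(key)].append(device)
    return {fp: sorted(devs) for fp, devs in groups.items() if len(devs) > 1}


def regenerates_same_key(mac, mode):
    """Provision the same device twice; identical keys mean no real entropy went in."""
    return provision(mac, mode) == provision(mac, mode)


def audit(mode):
    """Run both checks over the constructed fleet for one seeding strategy."""
    inventory = {name: provision(mac, mode) for name, mac in FLEET.items()}
    return {
        "shared_groups": len(shared_keys(inventory)),
        "deterministic": all(regenerates_same_key(mac, mode) for mac in FLEET.values()),
    }


if __name__ == "__main__":
    for mode in ("hardcoded", "mac", "os"):
        print(mode, audit(mode))
```

A firmware test that provisions a unit twice from a clean state and compares the resulting keys catches both weak strategies, whereas duplicate-key scanning only catches the first.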

(De)centralized systems

A true random number generator (TRNG) can be a (de)central service. One example of a centralized system where a random number can be acquired is the randomness beacon service from the National Institute of Standards and Technology. The Cardano platform uses the participants of their decentralized proof-of-stake protocol to generate random numbers.[21]

Other systems

There are some software packages that allow one to use a userspace process to gather random characters, exactly what /dev/random does, such as EGD, the Entropy Gathering Daemon.[22]

Hardware-originated entropy

Modern CPUs and hardware often feature integrated generators that can provide high-quality and high-speed entropy to operating systems. On systems based on the Linux kernel, one can read the entropy generated from such a device through /dev/hw_random.[23] However, sometimes /dev/hw_random may be slow.[24][25]

There are some companies manufacturing entropy generation devices, and some of them are shipped with drivers for Linux.[26][27]

On Linux systems, one can install the rng-tools package[28] that supports the true random number generators (TRNGs) found in CPUs supporting the RDRAND instruction, Trusted Platform Modules and in some Intel, AMD, or VIA chipsets,[29] effectively increasing the entropy collected into /dev/random and potentially improving the cryptographic potential. This is especially useful on headless systems that have no other sources of entropy.

Practical implications

System administrators, especially those supervising Internet servers, have to ensure that the server processes will not halt because of entropy depletion. Entropy on servers utilising the Linux kernel, or any other kernel or userspace process that generates entropy from the console and the storage subsystem, is often less than ideal because of the lack of a mouse and keyboard, thus servers have to generate their entropy from a limited set of resources such as IDE timings.

The entropy pool size in Linux is viewable through the file /proc/sys/kernel/random/entropy_avail and should generally be at least 2000 bits (out of a maximum of 4096).[30][31] Entropy changes frequently.
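One way to check this figure from a script, as an added example that is not part of the original article: it samples entropy_avail several times, because the value changes frequently, and reports the lowest reading. Scaling the 2000-of-4096 threshold to the value in the neighbouring `poolsize` file is this example's assumption (kernels may report a pool size other than 4096), and the helper names and `fake_procfs` sample data are hypothetical.

```python
import os
import tempfile
import time

PROC_RANDOM = "/proc/sys/kernel/random"
PAGE_MIN_BITS = 2000   # minimum suggested in the text above
PAGE_POOL_BITS = 4096  # pool maximum given in the text above


def read_int(path):
    """Return the integer stored in a procfs-style file, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def assess(avail, poolsize):
    """Classify one reading as 'ok', 'low' or 'unknown'.

    Assumption of this example: the 2000/4096 ratio is scaled to the pool
    size the kernel reports, so a smaller pool is not flagged permanently.
    """
    if avail is None or poolsize is None or poolsize <= 0:
        return "unknown"
    required = PAGE_MIN_BITS * poolsize // PAGE_POOL_BITS
    return "ok" if avail >= required else "low"


def sample(count=5, interval=0.2, root=PROC_RANDOM):
    """Take several readings and judge the worst one."""
    poolsize = read_int(os.path.join(root, "poolsize"))
    readings = []
    for i in range(count):
        readings.append(read_int(os.path.join(root, "entropy_avail")))
        if i + 1 < count:
            time.sleep(interval)
    valid = [r for r in readings if r is not None]
    worst = min(valid) if valid else None
    return {"poolsize": poolsize, "min_avail": worst, "status": assess(worst, poolsize)}


def fake_procfs(avail, poolsize):
    """Build a constructed stand-in directory so the check also runs off-Linux."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "entropy_avail"), "w") as fh:
        fh.write("%d\n" % avail)
    with open(os.path.join(root, "poolsize"), "w") as fh:
        fh.write("%d\n" % poolsize)
    return root


if __name__ == "__main__":
    print("constructed sample:", sample(count=2, interval=0, root=fake_procfs(180, 4096)))
    print("this host:", sample())
```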

Administrators responsible for systems that have low or zero entropy should not attempt to use /dev/urandom as a substitute for /dev/random as this may cause SSL/TLS connections to have lower-grade encryption.[32]

Some software systems change their Diffie-Hellman keys often, and this may in some cases help a server to continue functioning normally even with an entropy bottleneck.[33]

On servers with low entropy, a process can appear hung when it is waiting for random characters to appear in /dev/random (on Linux-based systems). For example, there was a known problem in Debian that caused exim4 to hang in some cases because of this.[34]

Security

Entropy sources can be used for keyboard timing attacks.[35]

Entropy can affect the cryptography (TLS/SSL) of a server: If a server fails to use a proper source of randomness, the keys generated by the server will be insecure. In some cases a cracker (malicious attacker) can guess some bits of entropy from the output of a pseudorandom number generator (PRNG), and this happens when not enough entropy is introduced into the PRNG.[36]

Potential sources

Commonly used entropy sources include the mouse, keyboard, and IDE timings, but there are other potential sources. For example, one could collect entropy from the computer's microphone, or by building a sensor to measure the air turbulence inside a disk drive.[37]

For Unix/BSD derivatives there exists a USB based solution that utilizes an ARM Cortex CPU for filtering / securing the bit stream generated by two entropy generator sources in the system.[38]

Cloudflare use an image feed from a rack of 80 lava lamps as an additional source of entropy.[39]

References

  1. random(4) - Linux man page. Archived 2007-10-11 at the Wayback Machine (die.net)
  2. "Robotic Tendencies » Missing entropy". Archived from the original on 2022-12-06. Retrieved 2023-05-23.
  3. "audio entropy daemon". March 23, 2021. Archived from the original on 2021-03-23.
  4. "Fedora Package Database – audio-entropyd".[permanent dead link]
  5. "video_entropyd". March 23, 2021. Archived from the original on 2021-03-23.
  6. "Entropy Broker". May 29, 2020. Archived from the original on 2020-05-29.
  7. "haveged – A simple entropy daemon". Archived from the original on 27 October 2012. Retrieved 3 April 2011.
  8. "Entropy and Random Devices | LinuxLink by TimeSys - Your Embedded Linux Resource". Archived from the original on 2016-04-02. Retrieved 2007-10-15.
  9. /dev/{,u}random driver for GNU/Hurd. Archived 2007-09-18 at the Wayback Machine (ibofobi.dk)
  10. "Solaris /dev/random through emulation". Archived from the original on 2007-11-04. Retrieved 2007-10-15.
  11. "Solaris /dev/random". Archived from the original on 2008-05-11. Retrieved 2007-10-17.
  12. "Rexx Entropy Gathering Daemon for OS/2". r6.ca. Archived from the original on 2007-10-31. Retrieved 2007-10-15.
  13. Malayter, Ryan (November 9, 2001). "GPL command-line shred alternative for Windows". Archived from the original on October 27, 2021. Retrieved May 23, 2023.
  14. "Source for entropy on Windows platforms with CryptoAPI installed". www.mail-archive.com. Archived from the original on 2018-10-02. Retrieved 2023-05-23.
  15. Malayter, Ryan (February 15, 2002). "How does Windows GnuPG generate random numbers on keygen?". Archived from the original on December 1, 2021. Retrieved May 23, 2023.
  16. "[or-cvs] Get entropy in windows". archives.seul.org. Archived from the original on 2013-05-07. Retrieved 2023-05-23.
  17. "About CNG - Win32 apps". Archived from the original on 2018-05-17. Retrieved 2018-05-17.
  18. "UEFI entropy gathering protocol - Windows drivers". Archived from the original on 2018-05-17. Retrieved 2018-05-17.
  19. "CryptGenRandom function (Wincrypt.h) - Win32 apps". Archived from the original on 2020-08-12. Retrieved 2020-08-31.
  20. Constantin, Lucian. "Millions of embedded devices use the same hard-coded SSH and TLS private keys". Network World. Archived from the original on 2018-11-05. Retrieved 2018-11-05.
  21. "A solution for scalable randomness". iohk.io. June 6, 2017. Archived from the original on April 17, 2021. Retrieved September 14, 2020.
  22. "Random Numbers". dwheeler.com. Archived from the original on 2022-12-30. Retrieved 2023-05-23.
  23. "'Re: SSL/TLS entropy problem,' - MARC". marc.info. Archived from the original on 2018-11-15. Retrieved 2023-05-23.
  24. "Re: /dev/hw_random". Archived from the original on 2007-10-31. Retrieved 2007-10-15.
  25. "Re: /dev/hw_random". Archived from the original on 2007-11-12. Retrieved 2007-10-15.
  26. "Random Noise Sources". Archived from the original on 2007-11-21. Retrieved 2007-10-15.
  27. http://random.com.hr/products/random/hg324.html Archived 2008-05-13 at the Wayback Machine
  28. "rng-tools". Archived from the original on 2007-10-21. Retrieved 2007-10-16.
  29. "Linux support for random number generator in i8xx chipsets — The Linux Kernel documentation". www.kernel.org. 2000. Archived from the original on 31 July 2013.
  30. "Re: [exim] no reply to STARTTLS". lists.exim.org. Archived from the original on 2012-07-22. Retrieved 2023-05-23.
  31. random(4) Linux man page. Archived 2007-10-11 at the Wayback Machine, die.net
  32. "'SSL/TLS entropy problem, aka pops timeouts (was: sasl ldap problem)' - MARC". marc.info. Archived from the original on 2018-11-15. Retrieved 2023-05-23.
  33. Josefsson, Simon; [TLS] Re: Short Ephermal Diffie-Hellman keys. Archived 2007-11-11 at the Wayback Machine (ietf.org mailing list)
  34. "[gnutls-dev] gnutls_rsa_params_init hangs. Is regenerating rsa-params once a day too frequent?". lists.gnupg.org. 14 December 2004. Archived from the original on 2007-01-17.
  35. Zalewski, Michal; Unix entropy source can be used for keystroke timing attacks. Archived 2011-07-19 at the Wayback Machine, 2003
  36. Re: entropy depletion (was: SSL/TLS passive sniffing). Archived 2011-05-17 at the Wayback Machine, 2005
  37. "Build your own cryptographically safe server/client protocol - 4.8.3. Collecting entropy". Archived from the original on 2012-07-23. Retrieved 2020-01-08.
  38. "Simtec Electronics Entropy Key: USB True Random Number Generator". www.entropykey.co.uk. Archived from the original on July 22, 2010.
  39. "Randomness 101: LavaRand in Production". The Cloudflare Blog. November 6, 2017. Archived from the original on May 1, 2023. Retrieved May 23, 2023.

External links

  • Overview of entropy and of entropy generators in Linux
