[Whonix-devel] PRNGD questions

Lutz Jänicke lutz at lutz-jaenicke.de
Sun Feb 2 12:51:18 CET 2020


Hello,

I have not thought about the project for a long time.

On 01.02.20 14:43, Patrick Schleizer wrote:
> Does use of PRNGD still make sense nowadays on Linux with /dev/random?
> You might say, /dev/random provides good entropy. Right. However, we are
> looking for additional sources of entropy. For that purpose we are using
> haveged and jitterentropy_rng but wouldn't like to add additional
> sources. Ideally those not reliant on the CPU.

TPMs or other secure elements normally contain strong random number
generators.

Having said this, I have been working in the embedded area in recent
years (decades!?), where gathering entropy with stock PRNGD
would not have worked either.

> Can PRNGD output a stream of random output on the console? If yes, we
> could invent a simple wrapper around it and redirect/write it to
> /dev/random?


No, it cannot. It provides an EGD-compatible interface, however, that you
could query with a corresponding client.

Or you can just modify PRNGD.

> (I don't worry about updating the entropy counters using RNDADDENTROPY.
> Thanks to haveged and jitterentropy_rng these counters are always very
> high anyhow with no observed case of /dev/random starvation ever yet.
> The main point here is to improve entropy quality in case other sources
> are later found out to be less random than anticipated. Performance
> isn't a concern here.)
>
> Trying to verify PRNGD.
>
> gpg --verify prngd-0.9.9.tar.gz.sig
> gpg: keybox '/home/user/.gnupg/pubring.kbx' created
> gpg: assuming signed data in 'prngd-0.9.9.tar.gz'
> gpg: Signature made Mon 26 Feb 2001 12:20:08 PM EST
> gpg:                using RSA key 78993B149C58A66D
> gpg: Can't check signature: No public key


Hmm. I have not been using the key, or PGP, for many years, and it
seems that the old key and newer versions of the software do not go well
together.

From http://keys2.kfwebs.net/pks/lookup?op=get&search=0x78993b149c58a66d
I have hence downloaded the respective public key myself (attached) but
could not verify the file myself. I am getting rusty...

> Could you please let me know where to acquire key 78993B149C58A66D since
> keyservers are unreliable nowadays.
>
> cc'd whonix-devel public mailing list so all our readers can benefit
> from your reply.

Best regards,

Lutz
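
The EGD client and /dev/random wrapper discussed in this thread, as an added example that is not part of the original email or of PRNGD's own code. It uses the EGD protocol's "get level" (0x00) and non-blocking read (0x01) commands; all function names are hypothetical, `fake_daemon` is a constructed stand-in for PRNGD, and the caller is assumed to pass a socket already connected to wherever PRNGD was started to listen.

```python
import struct
# EGD protocol commands, as spoken by EGD-compatible daemons such as PRNGD.
EGD_GET_LEVEL = 0x00      # reply: 4-byte big-endian entropy estimate in bits
EGD_READ_NONBLOCK = 0x01  # request: count byte; reply: length byte + data

def recv_exact(sock, n):
    """Read exactly n bytes, failing loudly if the peer closes mid-reply."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD socket closed mid-reply")
        buf += chunk
    return buf

def egd_level(sock):
    sock.sendall(bytes([EGD_GET_LEVEL]))
    return struct.unpack(">I", recv_exact(sock, 4))[0]

def egd_read(sock, n):
    """Non-blocking read of up to n (1..255) bytes; may return fewer."""
    if not 1 <= n <= 255:
        raise ValueError("EGD requests are limited to 1..255 bytes")
    sock.sendall(bytes([EGD_READ_NONBLOCK, n]))
    got = recv_exact(sock, 1)[0]
    if got > n:
        raise ValueError("daemon returned more bytes than requested")
    return recv_exact(sock, got)

def mix_into_kernel(sock, total, sink_path="/dev/random"):
    """Plain write to /dev/random: mixes data in, credits no entropy."""
    written = 0
    with open(sink_path, "wb") as sink:
        while written < total:
            data = egd_read(sock, min(255, total - written))
            if not data:
                break  # daemon has nothing left; stop instead of spinning
            written += sink.write(data)
    return written

def fake_daemon(sock, pool):
    """Constructed stand-in for PRNGD so the client can be exercised offline."""
    while (cmd := sock.recv(1)):
        if cmd[0] == EGD_GET_LEVEL:
            sock.sendall(struct.pack(">I", len(pool) * 8))
        elif cmd[0] == EGD_READ_NONBLOCK:
            n = recv_exact(sock, 1)[0]
            out, pool = pool[:n], pool[n:]
            sock.sendall(bytes([len(out)]) + out)
```

Because the data is written rather than submitted through RNDADDENTROPY, the kernel's entropy counter is left unchanged, which matches the "don't worry about updating the entropy counters" requirement quoted above.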
