[Whonix-devel] EGD used with a modern Kernel

Brian Warner warner at lothar.com
Fri Jan 31 22:27:15 CET 2020


On 1/31/20 4:03 PM, procmem at riseup.net wrote:
> Hi Brian. Whonix dev here (privacy distro based on Tor). We are looking
> to add as many entropy sources as we can get our hands on, I was
> wondering what you think of EGD at this point in time given the current
> state of the Linux RNG?
> 
> Is EGD relevant in a modern context? Does it use sources that the
> kernel doesn't at this point?

Heya. Nope, I'd recommend against EGD.. a modern kernel has access to
much better sources (and to sources that are less visible to a potential
attacker, specifically one running in userspace on the same machine)
than my ancient perl script could see. Also, omg that thing is ugly, I'm
kinda embarrassed about it by now :).

At a distro level, I'd recommend making sure the CPU-provided hardware
RNG sources are enabled (I *think* that means installing the rng-tools
package, but there might be a kernel config switch, look around for
"RDRAND" or "/dev/hwrng" or something).

The ideal situation is to be using RDRAND data, plus having the kernel
fold in interrupt timing as sort of a backup (some people are paranoid
and don't want to use RDRAND, but I think it's fine, and that their
concerns are addressed by mixing both RDRAND data and other sources).

The biggest thing to pay attention to is when the kernel's entropy pools
get seeded during the boot process, and to make sure that key generation
is deferred until after that point. I'm sure you've run into this before
:). SSH keygen in a new debian/ubuntu image at boot time is the part
that I'm always worried about, but I'd bet you've got Tor node keys and
a host of other tools which do the same.

Whonix is cool stuff, thanks for working on it!

cheers,
 -Brian
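
The checks discussed in the message above, as an added example that is not part of the original e-mail or of any Whonix or EGD code: it reports whether the CPU advertises RDRAND/RDSEED, which driver backs /dev/hwrng, and holds key generation until the kernel's pool is seeded. It assumes Linux on x86 with Python 3.6+; the function names are this example's own.

```python
# Added illustration (Linux only); helper names are this example's own.
import os
import time


def cpu_rng_flags(cpuinfo_text):
    """Return the x86 RNG flags (rdrand, rdseed) listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return {"rdrand", "rdseed"} & set(value.split())
    return set()


def hwrng_backend(path="/sys/class/misc/hw_random/rng_current"):
    """Name of the driver feeding /dev/hwrng, or None if no driver is bound."""
    try:
        with open(path) as fh:
            name = fh.read().strip()
    except OSError:
        return None
    return None if name in ("", "none") else name


def crng_probe():
    """Non-blocking getrandom(2): raises BlockingIOError while the pool is unseeded."""
    os.getrandom(1, os.GRND_NONBLOCK)


def wait_until_seeded(probe=crng_probe, timeout=60.0, interval=0.5,
                      sleep=time.sleep, clock=time.monotonic):
    """Poll until the kernel CRNG is seeded. True if seeded, False on timeout."""
    deadline = clock() + timeout
    while True:
        try:
            probe()
            return True
        except BlockingIOError:
            if clock() >= deadline:
                return False
            sleep(interval)


if __name__ == "__main__":
    with open("/proc/cpuinfo") as fh:
        print("CPU RNG flags:", sorted(cpu_rng_flags(fh.read())))
    print("hwrng backend:", hwrng_backend())
    if not wait_until_seeded(timeout=30):
        raise SystemExit("CRNG not seeded; refusing to generate keys")
```

Run early in boot, before the first SSH host key or Tor key is created; a non-zero exit means generation should be retried later rather than done with an unseeded pool.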

