Netgate Discussion Forum

Hardware Random Number Generation

2.2 Snapshot Feedback and Problems - RETIRED
    michaelschefczyk
    last edited by Jul 12, 2014, 11:01 PM

    Dear Developers,

    Please consider adding hardware random number generation support. I am interested in this, but not fully knowledgeable about the subject. Currently, I am using pfSense on some Intel Atom CPU C2758 machines. For OpenVPN with the usual CBC-AES, I would find it desirable if random number generation issues could be eradicated. I was thinking about the possibilities of using TrueRNG, so I wrote to the developers at ubld.it. Their kind response was:

    "While nobody here has officially tested the TrueRNG with FreeBSD, I feel very confident that it should be able to access the device. As for seeding the entropy in the system, that is another matter. Typically on a Linux-based system, we install rngd (from the rng-tools package) and configure it to read from the TrueRNG device; it then takes care of providing the kernel with entropy which is used throughout the system. Not being very proficient in FreeBSD I cannot comment much further." … "On Linux, pseudorandom comes from /dev/urandom, and true random comes from /dev/random; on OSX they are merged using the Yarrow method and /dev/random and /dev/urandom are the same device (providing a mix of pseudo and non pseudo). My research tells me that FreeBSD also does Yarrow so it should be the same as OSX. With a rngd on OSX seeding /dev/random what happens is if available true RNG entropy is available, it is served to the application requesting it, if the pool is low, it provides pseudorandom. That being said, if our device was seeding the pool, the requests from an application requiring entropy would be getting true random data. All in all, I don't know enough about your particular application to comment further. If you wanted to purchase the device and take a stab at getting it running I will be happy to try and help further it along if you get stuck, but in a nutshell once the device is enumerated over USB, it should just be a matter of compiling rngd for your system (or finding a precompiled package) and setting up the config file."

    Please take into account if such hardware would be beneficial to pfSense.

    Regards,

    Michael Schefczyk
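
Added example, not part of the original post and not rngd's own code: the quoted reply describes rngd reading from the TrueRNG device and handing entropy to the kernel. rngd checks the data for randomness before feeding it, and the Python below applies three FIPS 140-2 block tests (monobit, poker, long run) as that kind of gate. The function names, the `sink` parameter and the SHA-256 sample data are assumptions constructed for illustration.

```python
import hashlib

BLOCK_BYTES = 2500  # FIPS 140-2 statistical tests work on 20,000-bit blocks

def monobit_ok(block: bytes) -> bool:
    # Count of 1 bits must lie strictly between 9725 and 10275.
    ones = sum(bin(b).count("1") for b in block)
    return 9725 < ones < 10275

def poker_ok(block: bytes) -> bool:
    # Chi-square style statistic over the 5000 four-bit nibbles.
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17

def long_run_ok(block: bytes) -> bool:
    # No run of identical bits may reach length 26.
    bits = "".join(f"{b:08b}" for b in block)
    return "0" * 26 not in bits and "1" * 26 not in bits

def check_block(block: bytes) -> dict:
    if len(block) != BLOCK_BYTES:
        raise ValueError("expected a 2500-byte block")
    result = {"monobit": monobit_ok(block), "poker": poker_ok(block), "long_run": long_run_ok(block)}
    result["ok"] = all(result.values())
    return result

def feed(source, sink) -> tuple:
    """Copy only passing blocks from source to sink (hypothetical stand-in for the kernel interface)."""
    accepted = rejected = 0
    while len(block := source.read(BLOCK_BYTES)) == BLOCK_BYTES:
        if check_block(block)["ok"]:
            sink.write(block)
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected

def sample_block(seed: int) -> bytes:
    """Constructed stand-in for device output: SHA-256 in counter mode (not real entropy)."""
    out = b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(79))
    return out[:BLOCK_BYTES]
```

A device stuck at a repeating `0xAA` byte passes the monobit test (exactly half the bits are 1) and is only caught by the poker test, which is why a single bias check is not enough.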
