Forums » Software Development »
Using Sodium crypto library and not enough entropy?
Added by Edwin McKay over 7 years ago
I am trying to use the "Sodium crypto library" (https://download.libsodium.org/doc/) on the MityDSP. I had earlier ask with help compiling it and that was answered.
When I run the example code I receive the following message:
This system doesn't provide enough entropy to quickly generate high-quality random numbers.
the rng-utils/rng-tools or haveged packages may help.
virtualized Linux environments, also consider using virtio-rng.
service will not start until enough entropy has been collected.
So, do you know if these other packages (rng-utils/rng-tools or haveged) are safe to use with the MityDSP system?
The documentation also mentions the following:
Before returning, the function ensures that the system's random number generator has been properly seeded.
On some Linux systems, this may take some time, especially when called right after a reboot of the system. That issue has been reported on Digital Ocean virtual machines as well as on Scaleway ARM instances.
This can be confirmed with the following command:
cat /proc/sys/kernel/random/entropy_avail
If the command returns 0 or a very low number (< 160), and you are not running an obsolete kernel, this is very likely to be the case.
I ran the "cat /proc/sys/kernel/random/entropy_avail" command and the results are 0.
I do not have to use the Sodium library, I was just looking for way to encrypt some data and did not want to try to do it myself. So if there is another "simple" encryption library for the MityDSP, I could probably use it.
Thanks for any thoughts.
Replies (1)
RE: Using Sodium crypto library and not enough entropy? - Added by Jonathan Cormier over 7 years ago
Edwin McKay wrote:
I am trying to use the "Sodium crypto library" (https://download.libsodium.org/doc/) on the MityDSP. I had earlier ask with help compiling it and that was answered.
When I run the example code I receive the following message:
This system doesn't provide enough entropy to quickly generate high-quality random numbers.
the rng-utils/rng-tools or haveged packages may help.
virtualized Linux environments, also consider using virtio-rng.
service will not start until enough entropy has been collected.So, do you know if these other packages (rng-utils/rng-tools or haveged) are safe to use with the MityDSP system?
I'm no expert on crypto so I can't say if they would help make the crypto safe. I suspect that rng-tools would be pretty easy to build for the L138 and I don't believe haveged will build as its supposed to use certain cpu registers which likely don't exist in the older ARM processors.
Note that as far as I can tell the L138 does not have a hardware random number generator which means if you use rng-tools you'd have to use the urandom as the source which is frowned upon. https://wiki.archlinux.org/index.php/Rng-tools. So from what I can tell if you want a strong encryption you would need to add a rng hardware device to your design.
The documentation also mentions the following:
Before returning, the function ensures that the system's random number generator has been properly seeded.
On some Linux systems, this may take some time, especially when called right after a reboot of the system. That issue has been reported on Digital Ocean virtual machines as well as on Scaleway ARM instances.
This can be confirmed with the following command:
cat /proc/sys/kernel/random/entropy_avail
If the command returns 0 or a very low number (< 160), and you are not running an obsolete kernel, this is very likely to be the case.I ran the "cat /proc/sys/kernel/random/entropy_avail" command and the results are 0.
On a fresh boot, I got 120.
root@mityomapl138:~# cat /proc/sys/kernel/random/entropy_avail 120 root@mityomapl138:~# uname -a Linux mityomapl138 3.2.0+ #16 PREEMPT Thu Feb 19 14:56:13 EST 2015 armv5tejl GNU/Linux
I do not have to use the Sodium library, I was just looking for way to encrypt some data and did not want to try to do it myself. So if there is another "simple" encryption library for the MityDSP, I could probably use it.
None that I've used.
Thanks for any thoughts.