Using Sodium crypto library and not enough entropy?

Added by Edwin McKay about 3 years ago

I am trying to use the "Sodium crypto library" (https://download.libsodium.org/doc/) on the MityDSP. I had earlier asked for help compiling it and that was answered.

When I run the example code I receive the following message:

This system doesn't provide enough entropy to quickly generate high-quality random numbers.
the rng-utils/rng-tools or haveged packages may help.
virtualized Linux environments, also consider using virtio-rng.
service will not start until enough entropy has been collected.

So, do you know if these other packages (rng-utils/rng-tools or haveged) are safe to use with the MityDSP system?

The documentation also mentions the following:
Before returning, the function ensures that the system's random number generator has been properly seeded.
On some Linux systems, this may take some time, especially when called right after a reboot of the system. That issue has been reported on Digital Ocean virtual machines as well as on Scaleway ARM instances.
This can be confirmed with the following command:
cat /proc/sys/kernel/random/entropy_avail
If the command returns 0 or a very low number (< 160), and you are not running an obsolete kernel, this is very likely to be the case.

I ran the "cat /proc/sys/kernel/random/entropy_avail" command and the results are 0.

I do not have to use the Sodium library, I was just looking for a way to encrypt some data and did not want to try to do it myself. So if there is another "simple" encryption library for the MityDSP, I could probably use it.

Thanks for any thoughts.


Replies (1)

RE: Using Sodium crypto library and not enough entropy? - Added by Jonathan Cormier about 3 years ago

Edwin McKay wrote:

> I am trying to use the "Sodium crypto library" (https://download.libsodium.org/doc/) on the MityDSP. I had earlier asked for help compiling it and that was answered.
>
> When I run the example code I receive the following message:
>
> This system doesn't provide enough entropy to quickly generate high-quality random numbers.
> the rng-utils/rng-tools or haveged packages may help.
> virtualized Linux environments, also consider using virtio-rng.
> service will not start until enough entropy has been collected.
>
> So, do you know if these other packages (rng-utils/rng-tools or haveged) are safe to use with the MityDSP system?

I'm no expert on crypto so I can't say if they would help make the crypto safe. I suspect that rng-tools would be pretty easy to build for the L138 and I don't believe haveged will build as it's supposed to use certain CPU registers which likely don't exist in the older ARM processors.

Note that as far as I can tell the L138 does not have a hardware random number generator, which means if you use rng-tools you'd have to use urandom as the source, which is frowned upon (https://wiki.archlinux.org/index.php/Rng-tools). So from what I can tell, if you want strong encryption you would need to add an RNG hardware device to your design.

> The documentation also mentions the following:
> Before returning, the function ensures that the system's random number generator has been properly seeded.
> On some Linux systems, this may take some time, especially when called right after a reboot of the system. That issue has been reported on Digital Ocean virtual machines as well as on Scaleway ARM instances.
> This can be confirmed with the following command:
> cat /proc/sys/kernel/random/entropy_avail
> If the command returns 0 or a very low number (< 160), and you are not running an obsolete kernel, this is very likely to be the case.
>
> I ran the "cat /proc/sys/kernel/random/entropy_avail" command and the results are 0.

On a fresh boot, I got 120.

root@mityomapl138:~# cat /proc/sys/kernel/random/entropy_avail 
120
root@mityomapl138:~# uname -a
Linux mityomapl138 3.2.0+ #16 PREEMPT Thu Feb 19 14:56:13 EST 2015 armv5tejl GNU/Linux

> I do not have to use the Sodium library, I was just looking for a way to encrypt some data and did not want to try to do it myself. So if there is another "simple" encryption library for the MityDSP, I could probably use it.

None that I've used.

> Thanks for any thoughts.
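
As an added example (not part of the original thread and not libsodium's own code): a C pre-flight check an application could run before calling `sodium_init()`, waiting with a deadline for the kernel's entropy estimate to reach the 160 threshold quoted from the documentation above. The function names, the 30-second timeout and the one-second poll interval are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define ENTROPY_PATH  "/proc/sys/kernel/random/entropy_avail"
#define LOW_WATERMARK 160 /* "very low" threshold from the quoted libsodium docs */

/* Read the kernel's entropy estimate (in bits) from path; -1 on any error. */
int read_entropy_bits(const char *path)
{
    FILE *f = fopen(path, "r");
    int bits = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &bits) != 1 || bits < 0)
        bits = -1;
    fclose(f);
    return bits;
}

/* Poll once per second until the estimate reaches min_bits or timeout_s passes.
 * Returns 1 = ready, 0 = still starved at the deadline, -1 = cannot read path. */
int wait_for_entropy(const char *path, int min_bits, int timeout_s)
{
    time_t deadline = time(NULL) + timeout_s;
    for (;;) {
        int bits = read_entropy_bits(path);
        if (bits < 0)
            return -1;
        if (bits >= min_bits)
            return 1;
        if (time(NULL) >= deadline)
            return 0;
        sleep(1);
    }
}

int main(void)
{
    int rc = wait_for_entropy(ENTROPY_PATH, LOW_WATERMARK, 30);
    if (rc == 1)
        puts("entropy estimate is above the watermark; safe to initialise");
    else if (rc == 0) /* fail closed: do not generate keys from a starved pool */
        fprintf(stderr, "entropy still below %d bits after 30 s\n", LOW_WATERMARK);
    else
        fprintf(stderr, "cannot read %s\n", ENTROPY_PATH);
    return rc == 1 ? 0 : 1;
}
```

With the fresh-boot reading of 120 shown in the reply, this check reports the pool as starved rather than letting key generation proceed.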
