The Pi has a hardware random number generator. Source. Hat tip.
This is running Centos 7.
It presents as /dev/hwrng.
yum install rng-tools systemctl enable rngd systemctl start rngd # rngd -l Entropy sources that are available but disabled 1: TPM RNG Device 4: NIST Network Entropy Beacon
Oh. It’s running as a daemon on my command line.
No! Don’t press ctrl-c yet. The command will return the prompt when done. There’s a clue in the startup timings of the systemd service.
May 13 20:03:53 systemd: Started Hardware RNG Entropy Gatherer Daemon. May 13 20:03:53 rngd: Initalizing available sources May 13 20:04:19 rngd: Enabling JITTER rng support
After a while, it’ll complete, telling you the active sources.
# rngd -l Entropy sources that are available but disabled 1: TPM RNG Device 4: NIST Network Entropy Beacon Available and enabled entropy sources: 0: Hardware RNG Device 5: JITTER Entropy generator
Note that the hardware RNG device is not logged as a source during initialisation (only JITTER). This should get fixed in 7.7.
Given that the Pi has a hardware RNG, I will configure the daemon to only use that. I’ve made the daemon parameters more descriptive, and added debugging, not that this seems to make any difference.
mkdir /etc/systemd/system/rngd.service.d cat > /etc/systemd/system/rngd.service.d/params.conf <<EOF # disable jitter source [Service] ExecStart= ExecStart=/sbin/rngd --foreground --debug --exclude 5 EOF systemctl daemon-reload systemctl restart rng
Monitor the kernel entropy cache with something like the following. It will not exceed 4096.
while true ; do echo "$(date) $(cat /proc/sys/kernel/random/entropy_avail)"; sleep 1 ; done
My headless pi was running at around 6-700 before, and jumped immediately to over 3,000.