Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Random number generator failure in Rasperri Pis?

Petter Ericson pettter at
Fri Jul 19 05:55:09 PDT 2013

On 19 July, 2013 - KheOps wrote:

> Hey,
> Le 19/07/2013 14:22, Petter Ericson a écrit :
> >> Just came accross this article, apparently showing the bad quality of
> >> the hardware RNG in Raspberri Pi devices.
> >>
> >>
> > 
> > I see nothing in the blog post indicating that the random data from the
> > Pi HW is bad. Rather, he uses that to show how good random data should look,
> > after which he implements RANDU to show how _not_ to do it.
> > 
> > I have seen this being posted here and there as a "look, Pi HWrand bad"
> > thing, but I have to wonder how many actually read the blog post, considering
> > he even ran rngtest for a thousand runs with no failures on the output of /dev/hwrng
> I might have read it and concluded too fast, and yes obviously he shows
> how another implementation is failing.
> But I see this:
> sudo cat /dev/hwrng | rngtest -c 1000
> which for me refers to the previously installed driver for RasPi
> and then he says: "We were lucky that none of the tests failed for that
> run; sometimes there are a few failures. RANDU, on the other hand fares
> very badly"
> Meaning that RANDU is really bad whereas the RasPi one would be ...
> better but still failing to pass some tests in some occasions?

You raise a good point.

I must admit ignorance in regards to the specifics of linux, HWRNGs, /dev/hwrng
and /dev/random, but my personal guess would be that /dev/hwrng supplies true
random values, while /dev/random is the place to look for properly hashed and
checked random output.

Having true random values fail a FIPS-140 test is definitely not out of the realm
of possibility, though I have no idea how common it would be.

It might be a good idea to do some digging around the components and source code, 
though. If for no other reason than it always is.



Petter Ericson (pettter at
Telecomix Sleeper Jellyfish

More information about the liberationtech mailing list