1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Adventures in random: /dev/urandom

Discussion in 'Asuswrt-Merlin' started by smasher, Nov 21, 2019.

  1. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Checking out the RT-AC68U's /dev/urandom and running some tests on it.

    I collected a few large chunks of entropy from the AC68U's /dev/urandom:
    Code:
    ssh -T sh.ac68u.lan 'dd if=/dev/urandom bs=64k count=350000' > dev-urandom-ac68u-dd-xxxx
    
    To repeat these tests, be sure to use ssh's "-T" flag, otherwise NL (0xa) characters will be converted into CR-NL (0xd, 0xa). That will cause a lot of dieharder's tests to indicate failure. That was something I overlooked when I wanted to "just check it out real quick", and ultimately led me to a more in-depth analysis, documented here.

    The quality of the entropy was checked using dieharder and ent. Testing was done on four files, each between 18GB and 22GB, totalling 75GB. Only one of the dieharder test runs resulted in a "rewind" mid-test, after a "weak" result was found; during the follow-up test which invoked the rewind, it passed.

    Here's the dieharder command used for testing.
    Code:
    dieharder -g 201 -s 1 -Y 1 -a -f dev-urandom-ac68u-dd-xxxx
    nb, the "-Y 1" option repeats ambiguous "weak" tests until they pass or fail. During testing on four large chunks of entropy from /dev/urandom there were zero failures. The "-s 1" "rewinds" the file to the beginning when each test is started; this makes it possible to do meaningful tests with files closer to 20GB, rather than 250GB.

    Output from the worst of four runs of dieharder.
    * Too big to post here - See comments *

    Here's the ent command used for testing:
    Code:
    ent -c dev-urandom-ac68u-dd-xxxx
    Here's the summary from the worst of three runs of ent. The table of the number of occurrences of each possible byte (the "-c" option) is too big to include here, so I'll leave that as a comment.
    Code:
    Total:    18264666112   1.000000
    
    Entropy = 8.000000 bits per byte.
    
    Optimum compression would reduce the size
    of this 18264666112 byte file by 0 percent.
    
    Chi square distribution for 18264666112 samples is 237.59, and randomly
    would exceed this value 77.62 percent of the times.
    
    Arithmetic mean value of data bytes is 127.4995 (127.5 = random).
    Monte Carlo value for Pi is 3.141616357 (error 0.00 percent).
    Serial correlation coefficient is 0.000010 (totally uncorrelated = 0.0).
    
    
    Tested with RT-AC68U, Merlin 384.13
     
  2. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Output from the worst of four dieharder runs: (minus enough headers to make it fit here)
    Code:
       rng_name    |           filename             |rands/second|
     file_input_raw| dev-urandom-ac68u-dd-xxxx      |  4.15e+07  |
    #=============================================================================#
            test_name   |ntup| tsamples |psamples|  p-value |Assessment|    Seed
    #=============================================================================#
       diehard_birthdays|   0|       100|     100|0.61636244|  PASSED  | 655021808
          diehard_operm5|   0|   1000000|     100|0.02276139|  PASSED  | 572979106
      diehard_rank_32x32|   0|     40000|     100|0.58595553|  PASSED  | 411076728
        diehard_rank_6x8|   0|    100000|     100|0.49040524|  PASSED  | 387094270
       diehard_bitstream|   0|   2097152|     100|0.32791882|  PASSED  |4191990396
            diehard_opso|   0|   2097152|     100|0.99887202|   WEAK   |1237411339
            diehard_opso|   0|   2097152|     200|0.96336115|  PASSED  |1237411339
            diehard_oqso|   0|   2097152|     100|0.09837434|  PASSED  |4046011082
             diehard_dna|   0|   2097152|     100|0.86500475|  PASSED  |3737262783
    diehard_count_1s_str|   0|    256000|     100|0.63979388|  PASSED  |3746282687
    diehard_count_1s_byt|   0|    256000|     100|0.42030723|  PASSED  |1233007362
     diehard_parking_lot|   0|     12000|     100|0.37143226|  PASSED  |2416469256
        diehard_2dsphere|   2|      8000|     100|0.87691835|  PASSED  |1054677675
        diehard_3dsphere|   3|      4000|     100|0.26231726|  PASSED  |1849592727
         diehard_squeeze|   0|    100000|     100|0.75670768|  PASSED  |1375244118
            diehard_sums|   0|       100|     100|0.59874906|  PASSED  |3053496631
            diehard_runs|   0|    100000|     100|0.42189842|  PASSED  | 256395939
            diehard_runs|   0|    100000|     100|0.36095171|  PASSED  | 256395939
           diehard_craps|   0|    200000|     100|0.53320970|  PASSED  |1913205019
           diehard_craps|   0|    200000|     100|0.77362325|  PASSED  |1913205019
     marsaglia_tsang_gcd|   0|  10000000|     100|0.61044516|  PASSED  |2803765125
     marsaglia_tsang_gcd|   0|  10000000|     100|0.44320802|  PASSED  |2803765125
             sts_monobit|   1|    100000|     100|0.34793499|  PASSED  |1402984118
                sts_runs|   2|    100000|     100|0.90468087|  PASSED  |2492875869
              sts_serial|   1|    100000|     100|0.34793499|  PASSED  |2703155037
              sts_serial|   2|    100000|     100|0.65494525|  PASSED  |2703155037
              sts_serial|   3|    100000|     100|0.96242152|  PASSED  |2703155037
              sts_serial|   3|    100000|     100|0.04681277|  PASSED  |2703155037
              sts_serial|   4|    100000|     100|0.11411276|  PASSED  |2703155037
              sts_serial|   4|    100000|     100|0.57455464|  PASSED  |2703155037
              sts_serial|   5|    100000|     100|0.64230902|  PASSED  |2703155037
              sts_serial|   5|    100000|     100|0.24397470|  PASSED  |2703155037
              sts_serial|   6|    100000|     100|0.22451427|  PASSED  |2703155037
              sts_serial|   6|    100000|     100|0.84355888|  PASSED  |2703155037
              sts_serial|   7|    100000|     100|0.60926545|  PASSED  |2703155037
              sts_serial|   7|    100000|     100|0.96455820|  PASSED  |2703155037
              sts_serial|   8|    100000|     100|0.09306453|  PASSED  |2703155037
              sts_serial|   8|    100000|     100|0.05140748|  PASSED  |2703155037
              sts_serial|   9|    100000|     100|0.52446217|  PASSED  |2703155037
              sts_serial|   9|    100000|     100|0.25431439|  PASSED  |2703155037
              sts_serial|  10|    100000|     100|0.13534040|  PASSED  |2703155037
              sts_serial|  10|    100000|     100|0.61517168|  PASSED  |2703155037
              sts_serial|  11|    100000|     100|0.45677693|  PASSED  |2703155037
              sts_serial|  11|    100000|     100|0.93602040|  PASSED  |2703155037
              sts_serial|  12|    100000|     100|0.57688250|  PASSED  |2703155037
              sts_serial|  12|    100000|     100|0.69789492|  PASSED  |2703155037
              sts_serial|  13|    100000|     100|0.41501463|  PASSED  |2703155037
              sts_serial|  13|    100000|     100|0.54541710|  PASSED  |2703155037
              sts_serial|  14|    100000|     100|0.46444861|  PASSED  |2703155037
              sts_serial|  14|    100000|     100|0.41986042|  PASSED  |2703155037
              sts_serial|  15|    100000|     100|0.16182905|  PASSED  |2703155037
              sts_serial|  15|    100000|     100|0.10411316|  PASSED  |2703155037
              sts_serial|  16|    100000|     100|0.05560078|  PASSED  |2703155037
              sts_serial|  16|    100000|     100|0.74832379|  PASSED  |2703155037
             rgb_bitdist|   1|    100000|     100|0.62255261|  PASSED  | 952234668
             rgb_bitdist|   2|    100000|     100|0.43135136|  PASSED  |1853644072
             rgb_bitdist|   3|    100000|     100|0.58223038|  PASSED  |1030593319
             rgb_bitdist|   4|    100000|     100|0.44094449|  PASSED  |2073289774
             rgb_bitdist|   5|    100000|     100|0.56208370|  PASSED  |2242094854
             rgb_bitdist|   6|    100000|     100|0.44607743|  PASSED  |1889364776
             rgb_bitdist|   7|    100000|     100|0.85660248|  PASSED  |3290547602
             rgb_bitdist|   8|    100000|     100|0.99896959|   WEAK   | 376369847
             rgb_bitdist|   8|    100000|     200|0.98596833|  PASSED  | 376369847
             rgb_bitdist|   9|    100000|     100|0.34497203|  PASSED  |1340024000
             rgb_bitdist|  10|    100000|     100|0.44871054|  PASSED  |1256259559
             rgb_bitdist|  11|    100000|     100|0.18703351|  PASSED  |4029113698
             rgb_bitdist|  12|    100000|     100|0.38201043|  PASSED  |2094248835
    rgb_minimum_distance|   2|     10000|    1000|0.89968124|  PASSED  |2081483781
    rgb_minimum_distance|   3|     10000|    1000|0.66596941|  PASSED  |2740182905
    rgb_minimum_distance|   4|     10000|    1000|0.23934493|  PASSED  | 453361285
    rgb_minimum_distance|   5|     10000|    1000|0.00539585|  PASSED  |2349568869
        rgb_permutations|   2|    100000|     100|0.37268625|  PASSED  |2699420681
        rgb_permutations|   3|    100000|     100|0.92782468|  PASSED  |3544172399
        rgb_permutations|   4|    100000|     100|0.14247783|  PASSED  |2936599046
        rgb_permutations|   5|    100000|     100|0.69115115|  PASSED  |4162033280
          rgb_lagged_sum|   0|   1000000|     100|0.33985734|  PASSED  |3364641994
          rgb_lagged_sum|   1|   1000000|     100|0.77718331|  PASSED  |3658875617
          rgb_lagged_sum|   2|   1000000|     100|0.15524482|  PASSED  |4142963960
          rgb_lagged_sum|   3|   1000000|     100|0.83010228|  PASSED  |1913627108
          rgb_lagged_sum|   4|   1000000|     100|0.88734223|  PASSED  |3639249619
          rgb_lagged_sum|   5|   1000000|     100|0.66550274|  PASSED  |2974661697
          rgb_lagged_sum|   6|   1000000|     100|0.40934196|  PASSED  |3361701298
          rgb_lagged_sum|   7|   1000000|     100|0.16555349|  PASSED  |2757132878
          rgb_lagged_sum|   8|   1000000|     100|0.99537437|   WEAK   |2742708289
          rgb_lagged_sum|   8|   1000000|     200|0.99999349|   WEAK   |2742708289
          rgb_lagged_sum|   8|   1000000|     300|0.91281829|  PASSED  |2742708289
          rgb_lagged_sum|   9|   1000000|     100|0.82041308|  PASSED  | 344180598
          rgb_lagged_sum|  10|   1000000|     100|0.96217385|  PASSED  |  62834291
          rgb_lagged_sum|  11|   1000000|     100|0.21565726|  PASSED  |1844905516
          rgb_lagged_sum|  12|   1000000|     100|0.83900449|  PASSED  |3238555859
          rgb_lagged_sum|  13|   1000000|     100|0.63457582|  PASSED  | 476584382
          rgb_lagged_sum|  14|   1000000|     100|0.75453704|  PASSED  |1815354595
          rgb_lagged_sum|  15|   1000000|     100|0.54224251|  PASSED  |1240323327
          rgb_lagged_sum|  16|   1000000|     100|0.95785384|  PASSED  |4059748876
          rgb_lagged_sum|  17|   1000000|     100|0.98341409|  PASSED  |2599487049
          rgb_lagged_sum|  18|   1000000|     100|0.35124462|  PASSED  |2155780316
          rgb_lagged_sum|  19|   1000000|     100|0.61472459|  PASSED  |2405085578
          rgb_lagged_sum|  20|   1000000|     100|0.47324235|  PASSED  | 753998565
          rgb_lagged_sum|  21|   1000000|     100|0.82842043|  PASSED  |3188446868
          rgb_lagged_sum|  22|   1000000|     100|0.85921723|  PASSED  |3800779187
          rgb_lagged_sum|  23|   1000000|     100|0.99038219|  PASSED  |2719824109
          rgb_lagged_sum|  24|   1000000|     100|0.37838555|  PASSED  |3704839947
          rgb_lagged_sum|  25|   1000000|     100|0.33555200|  PASSED  |3609211681
          rgb_lagged_sum|  26|   1000000|     100|0.56633579|  PASSED  | 603260102
          rgb_lagged_sum|  27|   1000000|     100|0.66609487|  PASSED  |3398189367
          rgb_lagged_sum|  28|   1000000|     100|0.84231460|  PASSED  |3231002618
          rgb_lagged_sum|  29|   1000000|     100|0.86633405|  PASSED  | 460172942
          rgb_lagged_sum|  30|   1000000|     100|0.88268914|  PASSED  |  36619135
          rgb_lagged_sum|  31|   1000000|     100|0.80745597|  PASSED  |2568904541
          rgb_lagged_sum|  32|   1000000|     100|0.80913937|  PASSED  |3174355902
         rgb_kstest_test|   0|     10000|    1000|0.48460171|  PASSED  |1779508437
         dab_bytedistrib|   0|  51200000|       1|0.15909799|  PASSED  |3919849743
                 dab_dct| 256|     50000|       1|0.48205236|  PASSED  | 875371068
    Preparing to run test 207.  ntuple = 0
            dab_filltree|  32|  15000000|       1|0.70961976|  PASSED  |2084750299
            dab_filltree|  32|  15000000|       1|0.23313512|  PASSED  |2084750299
    Preparing to run test 208.  ntuple = 0
           dab_filltree2|   0|   5000000|       1|0.31899339|  PASSED  |1104394593
           dab_filltree2|   1|   5000000|       1|0.70576237|  PASSED  |1104394593
    Preparing to run test 209.  ntuple = 0
            dab_monobit2|  12|  65000000|       1|0.00966207|  PASSED  |3829269606
    
     
  3. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Output from the worst of four ent tests:
    Code:
    Value Char Occurrences Fraction
      0         71364167   0.003907
      1         71349807   0.003906
      2         71340409   0.003906
      3         71337463   0.003906
      4         71351816   0.003907
      5         71372912   0.003908
      6         71348932   0.003906
      7         71363586   0.003907
      8         71350358   0.003906
      9         71355864   0.003907
     10         71344434   0.003906
     11         71337775   0.003906
     12         71362762   0.003907
     13         71331661   0.003905
     14         71342180   0.003906
     15         71348548   0.003906
     16         71333485   0.003906
     17         71350358   0.003906
     18         71353282   0.003907
     19         71347908   0.003906
     20         71344049   0.003906
     21         71356682   0.003907
     22         71349213   0.003906
     23         71348749   0.003906
     24         71352865   0.003907
     25         71350795   0.003906
     26         71345114   0.003906
     27         71342022   0.003906
     28         71348579   0.003906
     29         71343030   0.003906
     30         71343497   0.003906
     31         71338265   0.003906
     32         71349756   0.003906
     33   !     71352656   0.003907
     34   "     71337557   0.003906
     35   #     71349948   0.003906
     36   $     71348286   0.003906
     37   %     71351072   0.003907
     38   &     71346572   0.003906
     39   '     71331568   0.003905
     40   (     71358176   0.003907
     41   )     71364464   0.003907
     42   *     71334974   0.003906
     43   +     71340908   0.003906
     44   ,     71349077   0.003906
     45   -     71349605   0.003906
     46   .     71354354   0.003907
     47   /     71352083   0.003907
     48   0     71333369   0.003906
     49   1     71352451   0.003907
     50   2     71346977   0.003906
     51   3     71348993   0.003906
     52   4     71354350   0.003907
     53   5     71359464   0.003907
     54   6     71346515   0.003906
     55   7     71340788   0.003906
     56   8     71338284   0.003906
     57   9     71349144   0.003906
     58   :     71341534   0.003906
     59   ;     71355728   0.003907
     60   <     71347912   0.003906
     61   =     71336465   0.003906
     62   >     71346866   0.003906
     63   ?     71354803   0.003907
     64   @     71354763   0.003907
     65   A     71351871   0.003907
     66   B     71337803   0.003906
     67   C     71333951   0.003906
     68   D     71345210   0.003906
     69   E     71349349   0.003906
     70   F     71356333   0.003907
     71   G     71343019   0.003906
     72   H     71348076   0.003906
     73   I     71365691   0.003907
     74   J     71355083   0.003907
     75   K     71352803   0.003907
     76   L     71358577   0.003907
     77   M     71334720   0.003906
     78   N     71326010   0.003905
     79   O     71347058   0.003906
     80   P     71345918   0.003906
     81   Q     71346776   0.003906
     82   R     71337015   0.003906
     83   S     71341787   0.003906
     84   T     71350993   0.003907
     85   U     71354944   0.003907
     86   V     71349624   0.003906
     87   W     71340588   0.003906
     88   X     71333108   0.003906
     89   Y     71344549   0.003906
     90   Z     71345613   0.003906
     91   [     71336761   0.003906
     92   \     71352024   0.003907
     93   ]     71342905   0.003906
     94   ^     71352473   0.003907
     95   _     71348319   0.003906
     96   `     71348040   0.003906
     97   a     71344221   0.003906
     98   b     71359242   0.003907
     99   c     71322568   0.003905
    100   d     71346374   0.003906
    101   e     71340912   0.003906
    102   f     71356868   0.003907
    103   g     71338559   0.003906
    104   h     71346069   0.003906
    105   i     71340509   0.003906
    106   j     71350102   0.003906
    107   k     71353695   0.003907
    108   l     71344892   0.003906
    109   m     71346319   0.003906
    110   n     71332628   0.003905
    111   o     71343044   0.003906
    112   p     71338580   0.003906
    113   q     71343907   0.003906
    114   r     71339469   0.003906
    115   s     71341367   0.003906
    116   t     71340182   0.003906
    117   u     71323555   0.003905
    118   v     71354072   0.003907
    119   w     71342928   0.003906
    120   x     71353171   0.003907
    121   y     71341630   0.003906
    122   z     71345084   0.003906
    123   {     71339728   0.003906
    124   |     71347600   0.003906
    125   }     71333408   0.003906
    126   ~     71334948   0.003906
    127         71365020   0.003907
    128         71342427   0.003906
    129         71334642   0.003906
    130         71341726   0.003906
    131         71342388   0.003906
    132         71340840   0.003906
    133         71346674   0.003906
    134         71354253   0.003907
    135         71341405   0.003906
    136         71339860   0.003906
    137         71352245   0.003907
    138         71345990   0.003906
    139         71349974   0.003906
    140         71345046   0.003906
    141         71352650   0.003907
    142         71346869   0.003906
    143         71345896   0.003906
    144         71327703   0.003905
    145         71348907   0.003906
    146         71330374   0.003905
    147         71334081   0.003906
    148         71354260   0.003907
    149         71349562   0.003906
    150         71346546   0.003906
    151         71352491   0.003907
    152         71349572   0.003906
    153         71351064   0.003907
    154         71339992   0.003906
    155         71355863   0.003907
    156         71355524   0.003907
    157         71327311   0.003905
    158         71347901   0.003906
    159         71342852   0.003906
    160         71342897   0.003906
    161   �     71336376   0.003906
    162   �     71345275   0.003906
    163   �     71351487   0.003907
    164   �     71341171   0.003906
    165   �     71346146   0.003906
    166   �     71357078   0.003907
    167   �     71342860   0.003906
    168   �     71332845   0.003906
    169   �     71336454   0.003906
    170   �     71346114   0.003906
    171   �     71339944   0.003906
    172   �     71362853   0.003907
    173   �     71339955   0.003906
    174   �     71356076   0.003907
    175   �     71348786   0.003906
    176   �     71350246   0.003906
    177   �     71360025   0.003907
    178   �     71350780   0.003906
    179   �     71353212   0.003907
    180   �     71352363   0.003907
    181   �     71345234   0.003906
    182   �     71335215   0.003906
    183   �     71344021   0.003906
    184   �     71353721   0.003907
    185   �     71347916   0.003906
    186   �     71340919   0.003906
    187   �     71339001   0.003906
    188   �     71347345   0.003906
    189   �     71348307   0.003906
    190   �     71362442   0.003907
    191   �     71335962   0.003906
    192   �     71351159   0.003907
    193   �     71356755   0.003907
    194   �     71337353   0.003906
    195   �     71343488   0.003906
    196   �     71339276   0.003906
    197   �     71353068   0.003907
    198   �     71360529   0.003907
    199   �     71351609   0.003907
    200   �     71365217   0.003907
    201   �     71340094   0.003906
    202   �     71343644   0.003906
    203   �     71348380   0.003906
    204   �     71333763   0.003906
    205   �     71344687   0.003906
    206   �     71343020   0.003906
    207   �     71342388   0.003906
    208   �     71347146   0.003906
    209   �     71344224   0.003906
    210   �     71352243   0.003907
    211   �     71336297   0.003906
    212   �     71352782   0.003907
    213   �     71338765   0.003906
    214   �     71344965   0.003906
    215   �     71349269   0.003906
    216   �     71341803   0.003906
    217   �     71352092   0.003907
    218   �     71342761   0.003906
    219   �     71331648   0.003905
    220   �     71348737   0.003906
    221   �     71336653   0.003906
    222   �     71347380   0.003906
    223   �     71350808   0.003906
    224   �     71355941   0.003907
    225   �     71354504   0.003907
    226   �     71350659   0.003906
    227   �     71353522   0.003907
    228   �     71332359   0.003905
    229   �     71348212   0.003906
    230   �     71346609   0.003906
    231   �     71342768   0.003906
    232   �     71346056   0.003906
    233   �     71348211   0.003906
    234   �     71338864   0.003906
    235   �     71348122   0.003906
    236   �     71336555   0.003906
    237   �     71357113   0.003907
    238   �     71354030   0.003907
    239   �     71358224   0.003907
    240   �     71342523   0.003906
    241   �     71352956   0.003907
    242   �     71347922   0.003906
    243   �     71346023   0.003906
    244   �     71347801   0.003906
    245   �     71337673   0.003906
    246   �     71334358   0.003906
    247   �     71346249   0.003906
    248   �     71351278   0.003907
    249   �     71340858   0.003906
    250   �     71337733   0.003906
    251   �     71356507   0.003907
    252   �     71341607   0.003906
    253   �     71348576   0.003906
    254   �     71356527   0.003907
    255   �     71346184   0.003906
    
    Total:    18264666112   1.000000
    
    Entropy = 8.000000 bits per byte.
    
    Optimum compression would reduce the size
    of this 18264666112 byte file by 0 percent.
    
    Chi square distribution for 18264666112 samples is 237.59, and randomly
    would exceed this value 77.62 percent of the times.
    
    Arithmetic mean value of data bytes is 127.4995 (127.5 = random).
    Monte Carlo value for Pi is 3.141616357 (error 0.00 percent).
    Serial correlation coefficient is 0.000010 (totally uncorrelated = 0.0).
    
     
  4. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
  5. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Here's results from running each of the collected files through "rngtest".

    Code:
    for n in dev-urandom-ac68u-dd-*
    do
            echo
            echo
            echo "*** $n"
            time nice rngtest < $n
    done
    
    
    *** dev-urandom-ac68u-dd-xxxxxxx413
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 163208757248
    rngtest: FIPS 140-2 successes: 8154020
    rngtest: FIPS 140-2 failures: 6417
    rngtest: FIPS 140-2(2001-10-10) Monobit: 880
    rngtest: FIPS 140-2(2001-10-10) Poker: 787
    rngtest: FIPS 140-2(2001-10-10) Runs: 2378
    rngtest: FIPS 140-2(2001-10-10) Long run: 2398
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 1
    rngtest: input channel speed: (min=106.822; avg=2108331.818; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=2.173; avg=123.454; max=196.634)Mibits/s
    rngtest: Program run time: 1338010290 microseconds
     ## nice rngtest < $n
     ## 21:01.36 user, 30.984 system, 96% cpu, 22:18.01 total
    
    
    *** dev-urandom-ac68u-dd-xxxxxxx003
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 146117328896
    rngtest: FIPS 140-2 successes: 7299961
    rngtest: FIPS 140-2 failures: 5905
    rngtest: FIPS 140-2(2001-10-10) Monobit: 783
    rngtest: FIPS 140-2(2001-10-10) Poker: 762
    rngtest: FIPS 140-2(2001-10-10) Runs: 2212
    rngtest: FIPS 140-2(2001-10-10) Long run: 2181
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=31.749; avg=1935892.564; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=1.831; avg=122.708; max=196.634)Mibits/s
    rngtest: Program run time: 1210975507 microseconds
     ## nice rngtest < $n
     ## 18:56.60 user, 29.221 system, 96% cpu, 20:10.98 total
    
    
    *** dev-urandom-ac68u-dd-xxxxxxx031
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 146443894784
    rngtest: FIPS 140-2 successes: 7316556
    rngtest: FIPS 140-2 failures: 5638
    rngtest: FIPS 140-2(2001-10-10) Monobit: 715
    rngtest: FIPS 140-2(2001-10-10) Poker: 734
    rngtest: FIPS 140-2(2001-10-10) Runs: 2147
    rngtest: FIPS 140-2(2001-10-10) Long run: 2080
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 2
    rngtest: input channel speed: (min=110.107; avg=2167536.651; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=1.176; avg=124.643; max=190.735)Mibits/s
    rngtest: Program run time: 1187907111 microseconds
     ## nice rngtest < $n
     ## 18:40.93 user, 28.032 system, 96% cpu, 19:47.91 total
    
    
    *** dev-urandom-ac68u-dd-xxxxxxx362
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 183500800000
    rngtest: FIPS 140-2 successes: 9167847
    rngtest: FIPS 140-2 failures: 7192
    rngtest: FIPS 140-2(2001-10-10) Monobit: 939
    rngtest: FIPS 140-2(2001-10-10) Poker: 874
    rngtest: FIPS 140-2(2001-10-10) Runs: 2699
    rngtest: FIPS 140-2(2001-10-10) Long run: 2727
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 1
    rngtest: input channel speed: (min=9.623; avg=1686849.962; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=1.676; avg=125.613; max=190.735)Mibits/s
    rngtest: Program run time: 1501049089 microseconds
     ## nice rngtest < $n
     ## 23:14.81 user, 32.379 system, 95% cpu, 25:01.05 total
    
    nb, some failures are to be expected from good RNGs using these tests - http://www.fdk.com/cyber-e/pdf/HM-RAE103.pdf

    FIPS 140-2 failure rate - http://www.bitbabbler.org/test-data/graphs/GEFSTF/fips-graphs.html
     
    Last edited: Nov 24, 2019
  6. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Interesting - as each sample would be expected be to very close... as you mention, some errors can be expected.

    Curious as to why the investigation?
     
  7. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    At first I just wanted to "check it out really quick". I implicitly included a "-t" flag in my ssh command, which screwed up the line-endings, and caused massive failures in the tests. From there, I started digging deeper, and before I knew it, I had some good data that I hadn't seen shared previously, so I figured it may be of interest to others.
     
  8. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Just installed haveged, and it's only been up a few hours, but I'm noticing much more stable/reliable ssh connections via wifi. And the entropy tests are looking good.

    The results from dieharder are excessively verbose, so here's a summary, comparing the new results to the four previous (without haveged) results. In this most recent test with haveged, two of the "rgb_lagged_sum" tests were "weak", but both resolved to "passed". All other tests passed without a hitch. Since dieharder with "-Y 1" resolved all of these "weak" tests (from all of these entropy samples) to "pass", I'm just averaging out the results from the "passed" tests. I'd expect them to be in the realm of 0.5, and that's close enough to what I'm seeing here:
    Code:
    dieharder-ac68u-dd-dev-urandom-xxxxxxx413
    .53718922350877192982
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx003
    .54459643149122807017
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx031
    .57074886678260869565
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx362
    .52350476754385964912
    
    dieharder-ac68u-dd-urandom-haveged-xxxxxxx897
    .55262435929824561403
    
    Summary from "ent -c dev-urandom-ac68u-dd-haveged-xxxxxxx897"
    Code:
    Entropy = 8.000000 bits per byte.
    
    Optimum compression would reduce the size
    of this 22937600000 byte file by 0 percent.
    
    Chi square distribution for 22937600000 samples is 247.31, and randomly
    would exceed this value 62.33 percent of the times.
    
    Arithmetic mean value of data bytes is 127.5004 (127.5 = random).
    Monte Carlo value for Pi is 3.141589445 (error 0.00 percent).
    Serial correlation coefficient is 0.000002 (totally uncorrelated = 0.0).
    
    The character counts are too boring to include, with 22937600000 bytes, and all characters showing up within 5 decimal places of frequency/occurrence. Here's a few lines:
    Code:
     65   A     89605290   0.003906
     66   B     89595028   0.003906
     67   C     89591011   0.003906
     68   D     89594420   0.003906
     69   E     89604531   0.003906
     70   F     89616599   0.003907
     71   G     89604563   0.003906
     72   H     89609953   0.003907
     73   I     89613433   0.003907
     74   J     89596074   0.003906
     75   K     89588104   0.003906
     76   L     89594231   0.003906
    
    These were the only outliers outside of the 0.003906-0.003907 range.
    Code:
     29         89580462   0.003905
     52   4     89579185   0.003905
    101   e     89580022   0.003905
    102   f     89581601   0.003905
    230   �     89579052   0.003905
    

    Output from "nice rngtest < dev-urandom-ac68u-dd-haveged-xxxxxxx897"
    Code:
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 183500800000
    rngtest: FIPS 140-2 successes: 9167765
    rngtest: FIPS 140-2 failures: 7274
    rngtest: FIPS 140-2(2001-10-10) Monobit: 987
    rngtest: FIPS 140-2(2001-10-10) Poker: 957
    rngtest: FIPS 140-2(2001-10-10) Runs: 2737
    rngtest: FIPS 140-2(2001-10-10) Long run: 2645
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=24.751; avg=2646523.418; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=8.599; avg=145.853; max=196.634)Mibits/s
    rngtest: Program run time: 1268724489 microseconds
    
    Looks good, with "failures" in the range expected for good RNGs.

    If things go well, it'll take me a day or two to collect 22GB of contiguous entropy from /dev/random (with haveged) and then we'll see how that looks.

    What I'm seeing so far, with the tremendously improved stability and reliability of ssh into the router, this looks like an argument for including haveged (or similar) in the standard builds.
     
    Last edited: Nov 26, 2019
  9. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Not sure if @RMerlin includes it in his builds, but I know that John's LTS fork does include it for the MIPS and ARM targets he supports.

    It helps big time with stubby and dnscrypt - anyways, happy to have convinced another forum member of the advantages of haveged
     
    Last edited: Nov 24, 2019
  10. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Should only need about 1GB for most of the dieharder tests
     
  11. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    With the "-a -Y 1" options, I've seen it read more than 15-20GB into a file. Without the "-s 1", I've seen it eat 220-250GB to go through the tests.
     
    Last edited: Nov 26, 2019
  12. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    With haveged running on the RT-AC68U, I collected about 25GB of entropy from /dev/random, which took about 15.5 hours. That's ≈470KB/s, or >35GB/day, from /dev/random, writing to a USB hard-drive.
    Code:
    nohup time cat /dev/random > /tmp/mnt/a500/dev-Random-ac68u-cat-haveged-xxxxxxx112
    Good thing I used nohup, because the ssh connection died at about 12GB, but the command kept running.

    And the test results...

    The results from dieharder are excessively verbose for this forum. In this most recent test with haveged, two of the "rgb_lagged_sum" tests were "weak", but both resolved to "passed". All other tests passed without a hitch. Since dieharder with "-Y 1" resolved all of these "weak" tests (from all of these entropy samples) to "pass", I'm just averaging out the results from the "passed" tests. I'd expect them to be in the realm of 0.5, and that's close enough to what I'm seeing here.
    Code:
    dieharder-ac68u-dd-dev-urandom-xxxxxxx413
    .53718922350877192982
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx003
    .54459643149122807017
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx031
    .57074886678260869565
    
    dieharder-ac68u-dd-dev-urandom-xxxxxxx362
    .52350476754385964912
    
    dieharder-ac68u-dd-urandom-haveged-xxxxxxx897
    .55262435929824561403
    
    dieharder-ac68u-random-haveged-xxxxxxx112
    .53783488385964912280
    
    Summary from "ent -c dev-Random-ac68u-cat-haveged-xxxxxxx112"
    Code:
    Total:    27037093147   1.000000
    
    Entropy = 8.000000 bits per byte.
    
    Optimum compression would reduce the size
    of this 27037093147 byte file by 0 percent.
    
    Chi square distribution for 27037093147 samples is 253.54, and randomly
    would exceed this value 51.41 percent of the times.
    
    Arithmetic mean value of data bytes is 127.4995 (127.5 = random).
    Monte Carlo value for Pi is 3.141627534 (error 0.00 percent).
    Serial correlation coefficient is 0.000003 (totally uncorrelated = 0.0).
    
    The character counts are too boring to include, with 27037093147 bytes, and all characters showing up within 5 decimal places of frequency/occurrence. Here's a few lines:
    Code:
     65   A    105601562   0.003906
     66   B    105611127   0.003906
     67   C    105616562   0.003906
     68   D    105607827   0.003906
     69   E    105611015   0.003906
     70   F    105623412   0.003907
     71   G    105619665   0.003906
     72   H    105628369   0.003907
     73   I    105604841   0.003906
     74   J    105614427   0.003906
     75   K    105615621   0.003906
     76   L    105629208   0.003907
    
    These were the only outliers outside of the 0.003906-0.003907 range.
    Code:
     14        105583561   0.003905
     61   =    105588554   0.003905
    185   �    105592298   0.003905
    187   �    105591778   0.003905
    240   �    105589558   0.003905
    
    Output from "nice rngtest < dev-Random-ac68u-cat-haveged-xxxxxxx112"
    Code:
    rngtest 5
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: entropy source drained
    rngtest: bits received from input: 216296745176
    rngtest: FIPS 140-2 successes: 10806130
    rngtest: FIPS 140-2 failures: 8707
    rngtest: FIPS 140-2(2001-10-10) Monobit: 1161
    rngtest: FIPS 140-2(2001-10-10) Poker: 1108
    rngtest: FIPS 140-2(2001-10-10) Runs: 3232
    rngtest: FIPS 140-2(2001-10-10) Long run: 3266
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=52.323; avg=2678930.693; max=19531250.000)Kibits/s
    rngtest: FIPS tests speed: (min=7.344; avg=147.650; max=179.939)Mibits/s
    rngtest: Program run time: 1477310936 microseconds
    
    Looks good, with "failures" in the range expected for good RNGs. The worst part of the FIPS 140-2 tests has to be the nomenclature, which leads people to think that good RNGs "failed".
     
  13. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Here are the entropy files I've tested. The names should be reasonably self explanatory.
    Code:
    26G     dev-Random-ac68u-cat-pipe-haveged-xxxxxxx112
    20G     dev-urandom-ac68u-dd-xxxxxxx413
    18G     dev-urandom-ac68u-dd-xxxxxxx003
    18G     dev-urandom-ac68u-dd-xxxxxxx031
    22G     dev-urandom-ac68u-dd-xxxxxxx362
    22G     dev-urandom-ac68u-dd-haveged-xxxxxxx897
    121G    total
    
    I re-ran dieharder on them all, this time without the "-s 1" option; this is arguably a more complete test. Interestingly, the only file that prodoced zero "weak" results was "dev-Random-ac68u-cat-pipe-haveged-xxxxxxx112".[1] Collecting GBs of entropy from /dev/random without haveged is not something I have patience for, but this is still a small sample-size for really testing entropy. For anyone taking a serious interest in it, this is a starting point, not the last word.

    Of course, all of the "weak" results did resolve to "pass", with or without haveged, and none of the tests "failed". Here's what the relevant sections of the dieharder tests looked like (only looking at dieharder tests without "-s 1"), using this command:
    Code:
    egrep -A2 WEAK dieharder-*
    Code:
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413:   diehard_bitstream|   0|   2097152|     100|0.99988528|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-   diehard_bitstream|   0|   2097152|     200|0.47041376|  PASSED
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-        diehard_opso|   0|   2097152|     100|0.20581384|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413:          sts_serial|   9|    100000|     100|0.99998289|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-          sts_serial|  10|    100000|     100|0.78871032|  PASSED
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413:          sts_serial|  10|    100000|     100|0.99734900|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-          sts_serial|  11|    100000|     100|0.52655022|  PASSED
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-          sts_serial|  11|    100000|     100|0.06337424|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413:          sts_serial|   4|    100000|     200|0.00419421|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-          sts_serial|   5|    100000|     200|0.26823446|  PASSED
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-          sts_serial|   5|    100000|     200|0.56944955|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413:      rgb_lagged_sum|  12|   1000000|     100|0.99991388|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-# The file file_input_raw was rewound 3 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx413-      rgb_lagged_sum|  12|   1000000|     200|0.93729551|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003:          sts_serial|  16|    100000|     100|0.99986662|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-          sts_serial|   1|    100000|     200|0.29045395|  PASSED
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-          sts_serial|   2|    100000|     200|0.72159245|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003:      rgb_lagged_sum|   3|   1000000|     100|0.99656647|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-# The file file_input_raw was rewound 1 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-      rgb_lagged_sum|   3|   1000000|     200|0.99222940|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003:      rgb_lagged_sum|  18|   1000000|     100|0.99884712|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-# The file file_input_raw was rewound 5 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-      rgb_lagged_sum|  18|   1000000|     200|0.81392455|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003:     rgb_kstest_test|   0|     10000|    1000|0.00341190|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-# The file file_input_raw was rewound 13 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx003-     rgb_kstest_test|   0|     10000|    1100|0.06087035|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031:    rgb_permutations|   3|    100000|     100|0.99679733|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-# The file file_input_raw was rewound 1 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-    rgb_permutations|   3|    100000|     200|0.37610252|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031:      rgb_lagged_sum|   4|   1000000|     100|0.99660242|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-# The file file_input_raw was rewound 1 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-      rgb_lagged_sum|   4|   1000000|     200|0.73457116|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031:      rgb_lagged_sum|  10|   1000000|     100|0.99517140|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-# The file file_input_raw was rewound 2 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-      rgb_lagged_sum|  10|   1000000|     200|0.89873935|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031:      rgb_lagged_sum|  27|   1000000|     100|0.99605411|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-# The file file_input_raw was rewound 10 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-      rgb_lagged_sum|  27|   1000000|     200|0.85516907|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031:        dab_filltree|  32|  15000000|       1|0.00222602|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-# The file file_input_raw was rewound 16 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx031-        dab_filltree|  32|  15000000|     101|0.01655759|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-xxxxxxx362:      rgb_lagged_sum|   2|   1000000|     100|0.99998864|   WEAK  
    dieharder-dev-urandom-ac68u-dd-xxxxxxx362-# The file file_input_raw was rewound 1 times
    dieharder-dev-urandom-ac68u-dd-xxxxxxx362-      rgb_lagged_sum|   2|   1000000|     200|0.93985608|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897:          sts_serial|   5|    100000|     100|0.99803134|   WEAK  
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897-          sts_serial|   5|    100000|     100|0.85363161|  PASSED
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897-          sts_serial|   6|    100000|     100|0.34069922|  PASSED
    --
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897:      rgb_lagged_sum|  19|   1000000|     100|0.99964650|   WEAK  
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897-# The file file_input_raw was rewound 4 times
    dieharder-dev-urandom-ac68u-dd-haveged-xxxxxxx897-      rgb_lagged_sum|  19|   1000000|     200|0.86282651|  PASSED
    
    @RMerlin - Anecdotally, based on the small samples of entropy that I've tested (yes, 120GB is a small sample size), it does seem that haveged increases both the quantity and quality of entropy that's available on these platforms. At the very least, it seems to increase quantity without sacrificing quality. I've also seen increased performance (particularly in stability and reliability of ssh connections) which (subjectively) more than offsets the trivial load that haveged adds to the system. Also, keep in mind that the Linux kernel itself is a huge consumer of entropy, eg forking, writing to disk, initiating TCP connections, etc[2,3], which may actually mean that haveged is objectively a net benefit on these platforms; something that I'm not about to test right now. Overall, I think this is a strong argument for including haveged in the default builds, at least as an option, if not the default.
    1. Previous testing (with the "-s 1" option) of dev-urandom-ac68u-dd-xxxxxxx003 with the "-s 1" option also produced zero "weak" results, but without the "-s 1" option that sample yielded 4 "weak" results. That previous testing (with "-s 1") yielded 2 "weak" results from "dev-Random-ac68u-cat-pipe-haveged-xxxxxxx112".
    2. Understanding And Managing Entropy Usage
    3. What keeps draining entropy?
     
  14. SomeWhereOverTheRainBow

    SomeWhereOverTheRainBow Senior Member

    Joined:
    Jun 4, 2019
    Messages:
    297
    Are you advocating that all Routers run as headless servers, serving out the days work, as your testing implies?
     
  15. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    For all intents and purposes they are...
     
  16. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Note that haveged is part of the entware packages, as is rng-tools - folks have that option...
     
  17. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Keep in mind that without tools like haveged and/or rngd, /dev/random is blocking, and if the pool runs short, you'll see performance issues until the pool refills - try an rngtest with haveged and rng-tools stopped, and check the pool depth...

    sudo cat /dev/random | rngtest -c 2048

    and in another terminal

    cat /proc/sys/kernel/random/entropy_avail

    What haveged does is feed the kernel to keep the entropy pool filled, and it's quite fast at what it does - and on devices like this, that's an important thing, as startup scripts like dnscrypt check the pool before starting up. Stubby as well, as it uses entropy for randomness.

    Anyways - nice work, and it does validate haveged as being random enough for most purposes...
     
    L&LD and smasher like this.
  18. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,290
    Location:
    San Diego, CA
    Bonus post...

    RPi's have a build in HWRNG, so with rng-tools, and or uncomment the line below, and restart rng-tools

    HRNGDEVICE=/dev/hwrng

    If one wants to see what randomness looks like - install the netpbm package, and run the line below

    cat <source> | rawtoppm -rgb 256 256 | pnmtopng > random$(date +%Y%m%d%H%M%S).png
    For example, on RPi - there one has to use sudo to capture direct from hwrng...

    sudo cat /dev/hwrng | rawtoppm -rgb 256 256 | pnmtopng > random$(date +%Y%m%d%H%M%S).png

    random.png
     
  19. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    Advocating? Not at all. As an empirical observation, it seems that most/all routers are effectively headless servers.
     
  20. smasher

    smasher Regular Contributor

    Joined:
    Jun 21, 2019
    Messages:
    83
    And here's an example of "random" done wrong -

    [​IMG]

    The patterns should be obvious - https://www.random.org/analysis/

    Of course, an entropy source that provides good quality entropy, but it's constantly blocking, is a different kind of bad, which will cause different kinds of problems.
     
    Last edited: Nov 28, 2019