Moar Entropy Sources

Found a package called randomsound that uses audio cards as entropy source. Maybe I should re-add sound to the gateway in that case? Question is if it works with speakers muted and also if we need to be playing something for it to generate entropy.

I need to contact the upstream dev to know more

Daniel Silverstone

Email: <dsilvers@digital-scurf.org>

IRC: Kinnison, OFTC, #debian-uk


One of vanheusden’s daemons are already packaged for Fedora. Perhaps we can attempt converting them to .deb with Alien.

Both video-entropyd and audio-entropyd need access to sound and visual output so perhaps they would make sense more outside the VM while TimerEntropyd goes inside.

audio-entropyd (make sure your microphone isn’t muted), and video_entropyd (needs a camera or video input, might be able to hook up an analog antenna to a TV Tuner and set it to a static channel. It might also suck up some CPU cycles, so be careful)

libprngwrap uses LD_PRELOAD magic to force the few dumb programsleft that insist on using /dev/random to be redirected to urandom instead. Not sure if useful anymore when jitterentropy handles /dev/random and stops its blocking.



Asked by @HulaHoop:
Whonix-devel - randomsound questions

randomsound developer replied to the mailing list:

(But somehow the reply does not (yet) show up on the mailing list archive.)

From: Daniel Silverstone
On Sat, Nov 23, 2019 at 20:29:48 +0000, procmem@riseup.net wrote:

Hi Dan. I’m a privacy distro dev and we are thinking of including
randomsound as an entropy source by default.

I’d recommend against that, reasoning below…


  • Does it gather entropy at all times when a soundcard is connected or only when there is sound playing?

It was designed to gather sound at all times it was running.

  • I assume form the package description it relies on sound output and not microphone input unlike van Heusden’s audio-entropyd

It was meant to use an input line, microphone or line-in.

  • How well can it function in a virtual environment?

Probably not usefully at all.

Randomsound was written a long time ago when computer hardware was simpler and less careful in terms of sound design. It was common for sound cards to be fairly (a) electrically noisy and (b) configurable. As such, I had a server which had need of entropy and a sound device which had no microphone or line-in device attached, and a sound card which could decouple its level monitoring from any controls (leave it floating) – this combination gave me a source of electrical and thermal noise I could harvest.

These days sound cards have mandatory filtering and are sufficiently complex that I would not like to make any assertions about an ability to set one up in the manner I recommended for use with randomsound. Virtual devices are even more controlled and thus even less likely to provide access to the kinds of entropy randomsound attempted to harvest.

These days I’d recommend ensuring that host systems harvest entropy from as many sources as possible, optionally sharing them around among themselves (I believe there’s software for this kind of thing) and then qemu has a virtio-rng device which allows transfer of entropy from host to guest (at a controlled rate).

There are also devices one can purchase which can increase the available entropy pool if your hosts are regularly running dry. For example the chaoskey by Keith Packard and Bdale Garbee.

Good luck with your quest for entropy, and thank you all for taking privacy so seriously.


Daniel Silverstone http://www.digital-scurf.org/
PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69

No reports of anything is blocking now (before jitterentropy kernel module gets load) or later. Without any reports of anything blocking, I don’t think blocking would be an issue even if blocking somewhere. Blocking as far as I understand just means slower. Not catastrophic.

https://vanheusden.com/libprngwrap/ sounds not so simple.

In sort libprngwrap enhances the PRNGs from libc. libprngwrap replaces the [s]rand, [s]random and [*]rand48 library calls with functions that get random values from /dev/urandom. This is supposed to be more secure.

Does not sound like a /dev/random vs /dev/urandom thing.

Then he links to https://vanheusden.com/misc/monitoring_kernelentropy_buffer_with_mrtg.php where he contradicts that.

When your Linux system uses a lot of entropy-data from the /dev/random or /dev/urandom device, it might get empty and stall your application (in case of /dev/random) or return less secure data (in case of /dev/urandom).

There we have it again, “less secure data (in case of /dev/urandom”.

Awesome initiative and questions. Please keep digging / asking.

Can you make head or tail of Monitoring the kernel entropy buffer with mrtg? Try in KVM?

mrtg is in Debian:

1 Like

Installed it and output looks good.

Not seeing the benefit of this package over running plain cat /proc/sys/kernel/random/entropy_avail. It provides an easy to read cli interface to see server stats like uptime however.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]