Chuck Nemeth

User Tools

Site Tools

Trace:
usb-devices:onerng

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
usb-devices:onerng [2020/03/15 14:31] – created chuckusb-devices:onerng [2020/06/16 19:29] (current) – [Installing software] chuck
Line 13: Line 13:
 One of the ‘features’ of this device is that it’s completely open. Open meaning open source software and hardware. You can physically inspect every aspect. They have images and schematics you can compare your device with to ensure that your device hasn’t been tampered with in transit. I looked mine over and took some pictures. One of the ‘features’ of this device is that it’s completely open. Open meaning open source software and hardware. You can physically inspect every aspect. They have images and schematics you can compare your device with to ensure that your device hasn’t been tampered with in transit. I looked mine over and took some pictures.
  
-{{ :zzz-site:onerng:onerng-top-1080.jpg?direct&600 |OneRNG Top }}+{{ usb-device:onerng:onerng-top.jpg?direct&600 |OneRNG Top }}
  
 Take the ‘tin foil hat’ off and it reveals the components: Take the ‘tin foil hat’ off and it reveals the components:
  
-{{ :zzz-site:onerng:onerng-top-lidoff-1080.jpg?direct&600 |OneRNG Top Lid Off }}+{{ usb-device:onerng:onerng-top-lidoff.jpg?direct&600 |OneRNG Top Lid Off }}
  
 The back of the device is pretty boring, but you can see the traces. The back of the device is pretty boring, but you can see the traces.
-{{ :zzz-site:onerng:onerng-back-1080.jpg?direct&600 |OneRNG Back }}+{{ usb-device:onerng:onerng-back.jpg?direct&600 |OneRNG Back }}
  
 ---- ----
Line 30: Line 30:
 ====Installing software==== ====Installing software====
  
-In order for this thing to work properly, we need to install some packages on our host system.+  * In order for this thing to work properly, we need to install some packages on our host system:<code> 
 +[user@mainpc:~]$ sudo apt install at openssl python-gnupg rng-tools</code>
  
-<code>[user@mainpc:~]$ sudo apt install at openssl python-gnupg rng-tools</code> +  * Finally, download the host software from their site, verify, then install it:<code> 
- +[user@mainpc:Downloads]$ wget -O onerng.deb 'https://github.com/OneRNG/onerng.github.io/blob/master/sw/onerng_3.6-1_all.deb?raw=true'
-Finally, download the host software from their site, verify, then install it: +
- +
-<code>[user@mainpc:Downloads]$ wget -O onerng.deb 'https://github.com/OneRNG/onerng.github.io/blob/master/sw/onerng_3.6-1_all.deb?raw=true'+
  
 [user@mainpc:Downloads]$ sha256sum onerng.deb [user@mainpc:Downloads]$ sha256sum onerng.deb
 a9ccf7b04ee317dbfc91518542301e2d60ebe205d38e80563f29aac7cd845ccb onerng.deb a9ccf7b04ee317dbfc91518542301e2d60ebe205d38e80563f29aac7cd845ccb onerng.deb
  
-[user@mainpc:Downloads]$ sudo dpkg -i onerng.deb+[user@mainpc:Downloads]$ sudo apt install ./onerng.deb
 </code> </code>
  
-You can and should verify what I typed here at the Official Site:+You can (and shouldverify what I typed here at the Official Site:
 http://onerng.info/onerng/ http://onerng.info/onerng/
 +
 +----
 +
 +====rng-tools service====
 +I noticed that rng-tools was failing to start due to not finding a hardware RNG device to use.
 +  * Check the status of the service: <code>
 +[user@mainpc:~]$ systemctl status rng-tools
 +● rng-tools.service
 +   Loaded: loaded (/etc/init.d/rng-tools; generated)
 +   Active: failed (Result: exit-code) since Tue 2020-06-16 13:31:13 EDT; 7s ago
 +     Docs: man:systemd-sysv-generator(8)
 +  Process: 29738 ExecStart=/etc/init.d/rng-tools start (code=exited, status=1/FAILURE)
 +
 +Jun 16 13:31:13 mainpc systemd[1]: Starting rng-tools.service...
 +Jun 16 13:31:13 mainpc rng-tools[29738]: Starting Hardware RNG entropy gatherer daemon: (Hardware RNG dev>
 +Jun 16 13:31:13 mainpc rng-tools[29738]: /etc/init.d/rng-tools: Cannot find a hardware RNG device to use.
 +Jun 16 13:31:13 mainpc systemd[1]: rng-tools.service: Control process exited, code=exited, status=1/FAILU>
 +Jun 16 13:31:13 mainpc systemd[1]: rng-tools.service: Failed with result 'exit-code'.
 +Jun 16 13:31:13 mainpc systemd[1]: Failed to start rng-tools.service.
 +</code>
 +
 +===Fixing it===
 +I was able to fix it by editing ''%%/etc/default/rng-tools%%'' and pointing it to ''%%/dev/ttyACM0%%''.
 +
 +  * Edit the file:<code>
 +[user@mainpc:~]$ sudoedit /etc/default/rng-tools
 +</code>
 +  * Uncomment and edit:<code>
 +HRNGDEVICE=/dev/ttyACM0
 +</code>
 +  * Start the service:<code>
 +[user@mainpc:~]$ sudo systemctl start rng-tools.service
 +</code>
 +  * Check the status:<code>
 +[user@mainpc:~]$ systemctl status rng-tools
 +● rng-tools.service
 +   Loaded: loaded (/etc/init.d/rng-tools; generated)
 +   Active: active (running) since Tue 2020-06-16 13:35:07 EDT; 3s ago
 +     Docs: man:systemd-sysv-generator(8)
 +  Process: 17170 ExecStart=/etc/init.d/rng-tools start (code=exited, status=0/SUCCESS)
 +    Tasks: 4 (limit: 4915)
 +   Memory: 708.0K
 +   CGroup: /system.slice/rng-tools.service
 +           └─17172 /usr/sbin/rngd -r /dev/ttyACM0
 +
 +Jun 16 13:35:07 mainpc systemd[1]: Starting rng-tools.service...
 +Jun 16 13:35:07 mainpc rng-tools[17170]: Starting Hardware RNG entropy gatherer daemon: rngd.
 +Jun 16 13:35:07 mainpc systemd[1]: Started rng-tools.service.
 +Jun 16 13:35:07 mainpc rngd[17172]: rngd 2-unofficial-mt.14 starting up...
 +Jun 16 13:35:07 mainpc rngd[17172]: entropy feed to the kernel ready
 +</code>
  
 ---- ----
Line 208: Line 257:
  
 <code> <code>
-[user@mainpc:~]$ sudo ps aux | grep rngd +[user@mainpc:~]$ ps aux | grep rngd 
-root      7144  0.0  0.0  30960   748 ?        SNLl 11:39   0:00 rngd -f --rng-entropy=.93750 -r /dev/stdin+root     30744  0.0  0.0  27036   808 ?        SNLl 10:34   0:01 rngd -f --rng-entropy=.93750 -r /dev/stdin 
 +root     32076  0.0  0.0  92572   108 ?        SLsl 10:34   0:01 /usr/sbin/rngd -r /dev/ttyACM0 
 + 
 +[user@mainpc:~]$ pgrep -a rngd  
 +30744 rngd -f --rng-entropy=.93750 -r /dev/stdin 
 +32076 /usr/sbin/rngd -r /dev/ttyACM0
  
-[user@mainpc:~]$ sudo pgrep -a rngd  
-7144 rngd -f --rng-entropy=.93750 -r /dev/stdin 
  
 The output of -r /dev/stdin is indicative that you are using openssl for extra whitening (the default). It can be changed in /etc/onerng.conf. The output of -r /dev/stdin is indicative that you are using openssl for extra whitening (the default). It can be changed in /etc/onerng.conf.
Line 265: Line 317:
   * **/dev/urandom** - Not using the OneRNG at all   * **/dev/urandom** - Not using the OneRNG at all
  
 +
 +===Using /dev/random===
 <code> <code>
-# OneRNG using /dev/random +[user@mainpc:~]$ time dd if=/dev/random of=random.img iflag=fullblock bs=1M count=10 status=progress
-[user@mainpc:~]$ time dd if=/dev/random of=random.img iflag=fullblock bs=1M count=10+
 10+0 records in 10+0 records in
 10+0 records out 10+0 records out
Line 275: Line 328:
 user 0m0.028s user 0m0.028s
 sys 0m4.308s sys 0m4.308s
- +</code> 
-# OneRNG using /dev/ttyACM0 +===Using /dev/ttyACM0=== 
-[user@mainpc:~]$ time sudo dd if=/dev/ttyACM0 of=tty.img iflag=fullblock bs=1M count=10+<code> 
 +[user@mainpc:~]$ time sudo dd if=/dev/ttyACM0 of=tty.img iflag=fullblock bs=1M count=10 status=progress
 10+0 records in 10+0 records in
 10+0 records out 10+0 records out
Line 285: Line 339:
 user 0m0.092s user 0m0.092s
 sys 0m1.016s sys 0m1.016s
 +</code>
  
-# Just using /dev/urandom +===Using /dev/urandom=== 
-[user@mainpc:~]$ time dd if=/dev/urandom of=urandom.img iflag=fullblock bs=1M count=10+<code> 
 +[user@mainpc:~]$ time dd if=/dev/urandom of=urandom.img iflag=fullblock bs=1M count=10 status=progress
 10+0 records in 10+0 records in
 10+0 records out 10+0 records out
Line 299: Line 355:
 ---- ----
  
 +===Results===
 +The results show that using ''%%/dev/ttyACM0%%'' is roughly 3x faster than using ''%%/dev/random%%'' while both are much slower than ''%%/dev/urandom%%''.
 +
 +^ Stat ^ /dev/random ^ /dev/ttyACM0 ^ /dev/urandom ^
 +^ real | 9m55.880s   | 3m2.079s     | 0m0.056s     |
 +^ user | 0m0.028s    | 0m0.092s     | 0m0.000s     |
 +^ sys  | 0m4.308s    | 0m1.016s     | 0m0.056s     |
 +
 +----
 +
 +====entropy_avail====
 +You can check the amount of entropy available by reading the file ''%%/proc/sys/kernel/random/entropy_avail%%''
 +
 +<WRAP announcement green>
 +Here's a oneliner I wrote to monitor it from another terminal while I ran the above tests:
 +<code>
 +while true; do cat /proc/sys/kernel/random/entropy_avail; sleep 1; done
 +</code>
 +</WRAP>
 +
 +I noticed that while idle and with the OneRNG plugged in, the value stayed above 2500 and would climb well past 3000 if left alone for a while. The max value can be found in ''%%/proc/sys/kernel/random/poolsize%%'' (where mine is set at 4096).
 +
 +  * When running from ''%%/dev/random%%'', the **entropy_available** quickly depletes until the task is finished.
 +    * When the OneRNG **is** plugged in, it instantly regenerates to above 2000 once the task is finished.
 +    * When the OneRNG ** is not** plugged in, it slowly starts rising once the task is finished.
 +  * When running from ''%%/dev/ttyACM0%%'', the **entropy_available** seems to stay the same while creating the 10M file.
 +  * When running from ''%%/dev/urandom%%'', the **entropy_available** seems to stay the same while creating the 10M file.
 +
 +----
 ====ent==== ====ent====
  
usb-devices/onerng.1584282674.txt.gz · Last modified: by chuck