Random Number Generator
Introduction
This guide documents the main method for optimizing RNG availability on OpenWrt.
It may help to minimize overall system startup time on lower-performance devices, or on devices without a HWRNG.
Hardware Random Number Generator
Since OpenWrt 15.05, hwrng output is automatically added to the kernel's entropy pool, so devices with a HWRNG may not necessarily benefit from rng-tools.
AMD/Intel processors that have a HWRNG will return text when running cat /proc/cpuinfo | grep rdrand.
To check whether a HWRNG is being used, run cat /sys/class/misc/hw_random/rng_current.
Goals
- Minimize startup time for cryptography-dependent services on low-performance devices.
- Avoid potential deadlock states and race conditions.
Command-line instructions
Provide fast RNG with rng-tools.
# Install packages
opkg update
opkg install rng-tools

# Configure RNG
uci set system.@rngd[0].enabled="1"
uci commit system
service rngd restart
Testing
Test the entropy pool size.
sysctl kernel.random.entropy_avail
Use rngtest to check the randomness of data.
# Read 1000 blocks from the device rngd is configured to use
RNG_DEV="$(uci get system.@rngd[0].device)"
rngtest -c 1000 < "${RNG_DEV}"
Troubleshooting
Collect and analyze the following information.
# Restart services
service log restart; service rngd restart

# Log and status
logread -e rngd; pgrep -f -a rngd

# Persistent configuration
uci show system
Extras
Software RNG
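Use software RNG by default. Note that /dev/urandom is itself drawn from the kernel pool, so this setting speeds up availability without adding independent entropy.
# Use software RNG
uci set system.@rngd[0].device="/dev/urandom"
uci commit system
service rngd restart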
Hardware RNG
Use hardware RNG if available.
# Use hardware RNG
uci set system.@rngd[0].device="/dev/hwrng"
uci commit system
service urngd disable && service urngd stop
service rngd restart
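The checks from the Hardware Random Number Generator section can be combined to decide which of the two Extras settings to apply. The script below is an added example, not part of the original guide: the function names and the ROOT argument (empty on a real device, a constructed directory when testing) are assumptions, and it relies on the kernel reporting "none" in rng_current when no driver is bound.

```shell
#!/bin/sh
# Added example: choose the rngd source from what the kernel reports.
# ROOT ($1) is a hypothetical prefix, "" on a real device, so the logic
# can be exercised against a constructed directory tree.

# Print the active HWRNG driver name, or "none" when nothing is bound
# or the hw_random class is absent.
rng_current() {
    f="$1/sys/class/misc/hw_random/rng_current"
    if [ -r "$f" ]; then
        name="$(cat "$f")"
    else
        name=""
    fi
    echo "${name:-none}"
}

# Print "yes" if the CPU advertises the rdrand flag, else "no".
cpu_has_rdrand() {
    if grep -qw rdrand "$1/proc/cpuinfo" 2>/dev/null; then echo yes; else echo no; fi
}

# Print the device rngd should read: /dev/hwrng only when a driver is bound.
rng_pick_device() {
    if [ "$(rng_current "$1")" != "none" ]; then
        echo /dev/hwrng
    else
        echo /dev/urandom
    fi
}

# One-line summary to attach to troubleshooting output.
rng_report() {
    ent="$(cat "$1/proc/sys/kernel/random/entropy_avail" 2>/dev/null || echo unknown)"
    echo "hwrng=$(rng_current "$1") rdrand=$(cpu_has_rdrand "$1") entropy_avail=${ent} device=$(rng_pick_device "$1")"
}

# Apply the choice with the same uci/service commands used on this page.
rng_apply() {
    dev="$(rng_pick_device "")"
    uci set system.@rngd[0].device="${dev}"
    uci commit system
    if [ "${dev}" = /dev/hwrng ]; then
        service urngd disable && service urngd stop
    fi
    service rngd restart
}
```

Run `rng_report ""` to see the current state, then `rng_apply` to write the matching configuration.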