User Tools

Site Tools


docs:guide-user:services:rng

Random generator

Introduction

  • This guide describes how to utilize a fast RNG for OpenWrt.
  • It may help to minimize system startup time on low performance devices.

Goals

  • Minimize startup time for cryptography-dependent services.
    • Avoid potential deadlock states and race conditions.

Instructions

Utilize RNG via RNG-Tools.

# Install packages
opkg update
opkg install rng-tools
 
# Configure RNG
uci set system.@rngd[0].enabled="1"
uci commit system
service rngd restart

Use a software RNG by default.

# Use software RNG
uci set system.@rngd[0].device="/dev/urandom"
uci commit system
service rngd restart

Use a hardware RNG if available.

# Use hardware RNG
uci set system.@rngd[0].device="/dev/hwrng"
uci commit system
service rngd restart

Testing

Test the entropy pool size.

cat /proc/sys/kernel/random/entropy_avail

Use rngtest to check the randomness of data.

RNG_DEV="$(uci get system.@rngd[0].device)"
rngtest -c 1000 < ${RNG_DEV}

Troubleshooting

Collect and analyze the following information.

# Restart the services
service log restart; service rngd restart
 
# Log and status
logread -e rngd; pgrep -f -a rngd
 
# Persistent configuration
uci show system
docs/guide-user/services/rng.txt · Last modified: 2019/04/19 17:58 by vgaetera