Entropy (computing)
In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators.
Entropy in the Linux kernel
The Linux kernel generates entropy from keyboard timings, mouse movements, and IDE timings and makes the random character data available to other operating system processes through the special files /dev/random and /dev/urandom. This capability was introduced in Linux version 1.3.30.
There are some Linux kernel patches allowing one to use more entropy sources. The audio-entropyd project, which is included in some operating systems such as Fedora, allows audio data to be used as an entropy source. Another alternative is to use the HAVEGE algorithm through haveged to pool entropy. In some systems, network interrupts can be used as an entropy source as well.
On systems using the Linux kernel, programs needing significant amounts of random data from /dev/urandom cannot co-exist with programs reading little data from /dev/random, as /dev/urandom depletes /dev/random whenever it is being read.
Entropy in the Hurd kernel
A driver ported from the Linux kernel has been made available for the Hurd kernel.
Entropy in Solaris
/dev/random and /dev/urandom have been available as Sun packages or patches for Solaris since Solaris 2.6, and have been a standard feature since Solaris 9. As of Solaris 10, administrators can remove existing entropy sources or define new ones via the kernel-level cryptographic framework.
A 3rd-party kernel module implementing /dev/random is also available for releases dating back to Solaris 2.4.
Entropy in OS/2
There is a software package for OS/2 that allows software processes to retrieve random data.
Entropy in Windows
Microsoft Windows releases newer than 95A feature CryptoAPI (CAPI), which gathers entropy in a similar fashion to the Linux kernel's /dev/random.
Windows's CryptoAPI uses the binary registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed to store a seeded value from all of its entropy sources.
Because CryptoAPI is closed-source, some free and open source software applications running on the Windows platform use other measures to get randomness. For example, GnuPG, as of version 1.06, uses a variety of sources, such as the number of free bytes in memory, which are combined with a random seed to generate the randomness it needs.
Programmers using CAPI can get entropy by calling CAPI's CryptGenRandom, after properly initialising it.
Entropy in other systems
There are some software packages that allow one to use a userspace process to gather random characters, exactly what /dev/random does, such as EGD, the Entropy Gathering Daemon.
Hardware-originated entropy
Modern CPUs and hardware often feature integrated generators that can provide high-quality and high-speed entropy to operating systems. On systems based on the Linux kernel, one can read the entropy generated from such a device through /dev/hw_random. However, sometimes /dev/hw_random may be slow; usually around 80K/s.
There are some companies manufacturing entropy generation devices, and some of them are shipped with drivers for Linux.
On Debian, one can install the rng-tools package (apt-get install rng-tools) that supports the true random number generators (TRNGs) found in some Intel, AMD, or VIA chipsets, effectively increasing the entropy collected into /dev/random and potentially improving the cryptographic potential. This is especially useful on headless systems that have no other sources of entropy.
Practical implications of entropy
System administrators, especially those supervising Internet servers, have to ensure that the server processes will not halt because of entropy depletion. Entropy on servers utilising the Linux kernel, or any other kernel or userspace process that generates entropy from the console and the storage subsystem, is often less than ideal because of the lack of a mouse and keyboard; thus servers have to generate their entropy from a limited set of resources such as IDE timings.
Entropy in Linux is viewable through the file /proc/sys/kernel/random/entropy_avail and should generally be at least 2000. Entropy changes frequently.
Administrators responsible for systems that have low or zero entropy should not attempt to use /dev/urandom as a substitute for /dev/random as this may cause SSL/TLS connections to have lower-grade encryption.
Some software systems change their Diffie-Hellman keys often, and this may in some cases help a server to continue functioning normally even with an entropy bottleneck.
On servers with low entropy, a process can appear hung when it is waiting for random characters to appear in /dev/random (on Linux-based systems). For example, there was a known problem in Debian that caused exim4 to hang in some cases because of this.
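One way to script the entropy_avail check described above, as an added example that is not part of the original article: it judges the lowest of several readings, since the value changes frequently, against the article's figure of 2000. The sibling file poolsize (a real procfs file not mentioned in the article) is read as well, so that a floor larger than the pool itself is reported as a tuning problem instead of a permanent alarm; the function names are illustrative.

```python
import time
from pathlib import Path

RANDOM_DIR = Path("/proc/sys/kernel/random")  # procfs directory on Linux
PAGE_FLOOR = 2000  # the "at least 2000" figure quoted in the article


def read_bits(path):
    """Return the integer held in a procfs file, or None if unreadable or malformed."""
    try:
        text = Path(path).read_text().strip()
    except OSError:
        return None
    return int(text) if text.isdigit() else None


def assess(samples, floor=PAGE_FLOOR, poolsize=None):
    """Classify a window of entropy_avail readings by its lowest value."""
    readings = [s for s in samples if s is not None]
    if not readings:
        return {"status": "unknown", "min": None}
    low = min(readings)
    if poolsize is not None and floor > poolsize:
        # The pool can never hold this many bits, so the floor needs retuning.
        return {"status": "floor-exceeds-pool", "min": low}
    return {"status": "ok" if low >= floor else "low", "min": low}


def sample(directory=RANDOM_DIR, count=5, interval=0.2):
    """Take `count` readings of entropy_avail plus one reading of poolsize."""
    directory = Path(directory)
    readings = []
    for _ in range(count):
        readings.append(read_bits(directory / "entropy_avail"))
        time.sleep(interval)
    return readings, read_bits(directory / "poolsize")


if __name__ == "__main__":
    readings, pool = sample()
    print(readings, pool, assess(readings, poolsize=pool))
```

A status of "low" over a sustained window is the condition under which readers of /dev/random can stall, as in the exim4 case mentioned above.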
Security implications
Entropy sources can be used for keyboard timing attacks.
Entropy can affect the cryptography (TLS/SSL) of a server: if it is too low, the regeneration of codes can take a long time to complete.
In some cases a cracker (malicious attacker) can guess some bits of entropy from the output of a pseudorandom number generator (PRNG), and this happens when not enough entropy is shoved into the PRNG.
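The effect of under-seeding, as an added example that is not part of the original article: a generator's output is fully determined by its seed, so machines seeded with only a few bits of entropy repeat each other's output, which an audit across a fleet can detect. The toy_prng function is a constructed stand-in (SHA-256 in counter mode), not any operating system's generator, and the fleet is simulated.

```python
import hashlib
import secrets
from collections import Counter


def toy_prng(seed: bytes, nbytes: int = 16) -> bytes:
    """Toy deterministic generator: SHA-256 in counter mode (illustration only).

    Like every PRNG, its output is fixed once the seed is fixed.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def simulate_fleet(hosts: int, seed_bits: int) -> list:
    """First 16 output bytes from `hosts` simulated machines.

    Each machine seeds the generator with only `seed_bits` bits of entropy.
    """
    outputs = []
    for _ in range(hosts):
        seed = secrets.randbits(seed_bits).to_bytes((seed_bits + 7) // 8, "big")
        outputs.append(toy_prng(seed))
    return outputs


def audit(outputs: list) -> dict:
    """Count distinct outputs and the hosts whose output also appears elsewhere."""
    counts = Counter(outputs)
    sharing = sum(n for n in counts.values() if n > 1)
    return {"hosts": len(outputs), "distinct": len(counts), "sharing": sharing}


if __name__ == "__main__":
    # With 8 seed bits at most 256 distinct outputs can exist, however many
    # hosts there are; with 128 seed bits no repeats are expected.
    for bits in (8, 16, 128):
        print(bits, audit(simulate_fleet(1000, bits)))
```

Any repeated value in such an audit means the seed space was small enough for two machines to land on the same seed, which is the same property that makes the output guessable.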
Other potential sources for entropy
Commonly used entropy sources include the mouse, keyboard, and IDE timings, but there are other potential sources. For example, one could collect entropy from the computer's microphone, or by building a sensor to measure the air turbulence inside a disk drive. However, microphones are usually not available in servers.
For Unix/BSD derivatives there exists a USB-based solution that utilizes an ARM Cortex CPU for filtering / securing the bit stream generated by two entropy generator sources in the system.