Hardware Random Number Generator PRG320

/dev/urandom/ is a pseudo random number generator used by for Fedora and other linux-based operating systems. This little Python snippet will get you some data:

import binascii
import os

data = os.urandom(10)

print(data)
print(str(binascii.hexlify(bytearray(data))))
print(int(bytearray(data).hex(), 16))

/dev/random/ and /dev/urandom/ are the usual sources of cryptographic random numbers. The quality of the produced data may suffer if the entropy is not big enough or other circumstances like running in a virtual machine.

Some of my co-workers at audius take it really serious when it comes to random numbers. The team that is working on HSM (Hardware Security Module) appliances is especially keen to get cryptographically secure random numbers.

Don’t understand me wrong, they don’t have to deal with the missing entropy or randomness on virtual machines as all their stuff is designed to run on physical hardware but they wanted more.

The solution of this issue is to use a hardware device that is generating the random numbers. Usually they are using the PRG320-51 by IBB Ingenieurbüro Bergmann but for playing around we also have access to some PRG320-4. They are working in the same way, only the type of connection is different. The PRG320-4 has an USB Type A connector.

On Fedora the device is recognized immediately. It will show up as “Future Technology Devices International”.

$ lsusb
[...]
Bus 001 Device 033: ID 0403:6001 Future Technology Devices International, Ltd ...
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

The numbers are generated and accessible by a serial interface with the settings 921600 8N1. Connecting with minicom to /dev/ttyUSB0 will give you the raw output. Not very handy if you don’t want to feed the output into a tool to generate keys or what ever.

The little script will get you one number.

The output looks like:

{
  "hex": "b'f99fe85ebefe77776aa42fe1e...3740'",
  "int": 2992748900635379...5312,
  "raw": "b\"\\xf9\\x9f\\xe8^\\xbe\...x877@\""
}

For further details check the rng-tools. rndg is a daemon that can help you to check and feed random data from hardware device to kernel entropy pool.

This entry was posted in Fedora, Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.