Initialize CSPRNG on boot to bootstrap entropy faster

Question

I found that when using the firebase_admin library, first time runs of my script would error running, but would eventually start working.

The problem has been isolated to the way the Python cryptography library is initialized. I received this response when filing an issue in the Python cryptography Githib repo:

The issue is that your RPi is failing to initialize the CSPRNG (cryptographically secure pseudorandom number generator). In cryptography 2.4.2 and below we initialize in a nonblocking fashion. This means that if the CSPRNG isn't ready we just error out. In current master we've changed that to blocking mode, which causes the process to hang until the CSPRNG is ready. (source)

As a fix, the suggestion was as follows:

...you'll want to look into getting your CSPRNG working earlier after boot. One common method is to create a seed file after successful init that it can read back in during the next boot. Typically linux distributions do this for you, but RPis have constrained space and other unusual limitations so maybe this one doesn't by default?

Can anyone help explain if this is possible with a Raspberry Pi Zero W, and if so, how to implement the changes?

Answer 1

Update:
If you are using Raspbian then rng-tools are now installed by default since Raspbian Stretch 2019-04-08.

---

I don't know if the following suggestion helps but it is worth a try because it speeds up getting random numbers. Fortunately the RasPi has a build in true hardware random number generator (TRNG) but it isn't used by the default Raspbian operating system. To use it you have to install a piece of software with:

rpi ~$ sudo apt install rng-tools

Now the operating system will get its random numbers from the TRNG. I don't now if the python cryptography library also benefit from this.