3

Using rng-tools 6.3.1, I list the entropy sources:

$ rngd -l
Entropy sources that are available but disabled
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
2: Intel RDRAND Instruction RNG
5: JITTER Entropy generator

What would cause source #4 (NIST Network Entropy Beacon) to become "enabled" and not just "available"?

Antick
  • 31
  • 2
  • Idk, but don't ever trust NIST. NIST is to be considered a malicious actor. – Peter Harmann Sep 20 '18 at 22:17
  • 2
    I think to elaborate on what @PeterHarmann said, the NIST entropy source is generated by a 3rd party whereas the other two are generated locally. Reputation aside, it basically boils down to "why trust a 3rd party if you don't have to?". – Mr. Llama Sep 21 '18 at 00:00
  • Interestingly, I've heard "Don't ever trust Intel RDRAND" for similar reasons. Who knew that the security industry is full of paranoid people? – Mike Ounsworth Sep 21 '18 at 02:23
  • I believe that rngd will not place full trust in any single source. It is completely safe to use NIST as a source of entropy (although it's silly, considering it must be sent over the network), since it will do nothing but augment existing sources (interrupt timing, keystroke delays, etc). – forest Sep 21 '18 at 03:39

1 Answers1

2

According to the manual page, you can use -n or --include with either the index or the shortname for the given entropy source specified in -l to enable it. In your case, you would run the following:

rngd -n 4

However, in the same manual page, there is a warning about enabling this source:

Entropy gathered from the NIST network entropy beacon. Note that this entropy source is disabled by default as it should never be used for cryptographic purposes, or any use case in which random data should be known only by a single entity.

The problem is that the NIST entropy beacon sends the random data to everyone over the network. It is not intended to be used for secret keys (the ouput isn't secret), but for getting unpredictable randomness. In fact, it allows anyone to see a list of previous random outputs! From their FAQ:

The Beacon is designed to provide unpredictability, autonomy, and consistency. Unpredictability means that users cannot algorithmically predict bits before they are made available by the source. Autonomy means that the source is resistant to attempts by outside parties to alter the distribution of the random bits. Consistency means that a set of users can access the source in such a way that they are confident they all receive the same random string.

Bold emphasis mine. This means that everyone gets the same output, so it is not secret after it has been released! In fact, the beacon only releases a new 512-bit output to everyone every 60 seconds, and the previous output is stored and available for anyone to see. Now, while rng-tools will only mix the data with the random pool in order to prevent any sources from reducing security, using the NIST entropy beacon to supplement your kernel random pool is unnecessary and won't really provide you with any cryptographic benefits, anymore than mixing in the previous winning lottery numbers would.

forest
  • 66,706
  • 20
  • 212
  • 270