RNG and the random web - Haveged / RNGTools - Chaos - Crypto - Science of Hardware & Computer Driver
(c)Rupert S
****
*preface* what is the difference between chaos and entropy ?
Chaos is an issue of confusion .... of logic that spirals unpredictably out of control ....
sometimes exciting, sometimes bad ... confusing, exciting .... lacking perfect definition.
Order/logic go hand in hand in the digital age....
Entropy is the disordered but ordered by average breakdown of the system onto a form that statistically meets the requirement that : (all sums eventually average to zero as much as possible)
ergo statistically : Chaos and Order/Logic both exist
---------------------------------------------------
entropy ...
*
Entropy or preferably random plays a very important role in science and the internet...
Security and Research both need this.
But most commonly they lack drivers ..
https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
Phone & PC Random/Seed/Entropy is a problem so making an app like ubuntu's entropy seeding app,
With high quality random would be a life saver to the phone user,
In addition the RND Crng Trng or NRNG could use AES to magnify the pool ... or blow-fish etcetera !
For non rooted phones a device a RNG device installed; if RNG device impossible to install then other noise source ..
For the Phone/PC/Mac/Server OS.
*Driver Function and utilisation* (Copyright Rupert S)
Multiple sources of entropy and the hashing of that combined and injected though AES hardware
is not included.. in applications on Phone, Windows, Mac etcetera..
the use of a Hardware Encrypted cache saved to drive .. for example :
Original fresh random/entropy will be stored securely in flash and or on HD/SSD/RAM to further secure the RND Pool.
1mb of RNG data that has not been used to add to the boot source & during low ebbs in Entropy data,
To be refreshed depending on the recording media..
& additional pre ChaCha/AES/Blowfish/Twofish - Encryption mode; processed data in ram,
(Personally AES on hardware encryption devices makes sense)
(4mb is large enough to use but small enough for 256mb ram devices.)
Fortunately this is 4 weeks development at most.
So kernel inclusion of the driver base is a must
With the main tool being protected space; With distribution to user of AES; blowfish etcetera, hashed and expanded data
NX DEP protected data contained securely,
you can seed the data and remix that with new data..
mixed data is the strongest and surely the least predicable of the lot since despite using algorithms the output is clearly unpredictable.
Entropy SIM and SSD cards are an option & can contain an actual memory array flash combo to be super fast;
but economical.
(Copyright Rupert S)
*****
For a windows/phone RNG device .... i have been thinking !
You could modify the driver and make your own to take data from the RNG devices on the comports & obviously PCI etcetera..
Commonly on the Linux system entropy/RNG/Random drivers are in the kernel but are most commonly not configured properly;
These are the problems we need to fix & fix well..
Entropy SIM and SSD cards are an option & can contain an actual memory array flash combo to be super fast;
but economical.
Haveged exists on linux but not on mac or windows.... (The characteristics of Haveged are not necessarily guaranteed to have all the chaos that we need.)
However haveged is one option that combined with AES,Blowfish Random Expansion can help with Entropy issues !
Haveged is not the only solution and furthermore TRNG/CRNG need optimisation .... to Increase security and to provide true crypto/Rand function.
Haveged provides a viable additional source of entropy ....
Preferably not as the only source,
However haveged is a product that produces results,
We surely need in Random Bit starved computers and mobile markets ....
Yes the CPU/GPU configured so can obviously create logical and not so perfectly entropic results,
However we have to ask ourselves do we need random filled with a viable source available to all ?
The answer is obvious yes.
Haveged produces a data far superior to just the user input...
Furthermore the tasks running on the computer and or within the system improve the output...
As the necessity to use haveged increases;
Most likely the user will be running more tasks that need to use it ! and hence there will be better results and more of them.
yes a true TRNG is a state of peace in the true security advocates heart but there is always room for an improved haveged..
both on windows, on mac and other operating systems.
(copyright : Rupert S)
http://www.issihosts.com/haveged/index.html
https://www.irisa.fr/caps/projects/hipsor/
https://fedoraproject.org/wiki/Windows_Virtio_Drivers
viorng/: Virtio RNG driver
Seems a simple and elegant solution that would allow for the use of RNG data and would allow other devices of the same type to work well !
This would be a service to all and allow research sharing,
The driver is open source.
https://github.com/YanVugenfirer/kvm-guest-drivers-windows/blob/master/viorng/viorng/viorng.inf
https://fatminmin.com/blog/install-win10-with-virtio.html
https://pve.proxmox.com/wiki/Windows_VirtIO_Drivers
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/sect-Guest_virtual_machine_device_configuration-Random_number_generator_device.html
Other device drivers could also be made not just for virtual machines...
RS
Other tools and functions to call to make the C/N/T/RNG ... Functional - please read all !
*well thought out analysis of the entropy system care of getnetrandom & Wisconsin university*
http://pages.cs.wisc.edu/~swift/papers/oakland14-rng.pdf
*online entropy fetch with Client for windows and linux servers and soon android*
https://www.getnetrandom.com/#howitworks
https://www.getnetrandom.com/quickstart-guide.pdf
http://whitewoodsecurity.com/products/entropy-engine/
https://developer.nordicsemi.com/nRF5_SDK/nRF51_SDK_v8.x.x/doc/8.0.0/s110/html/a00790.html#details
http://gpuopen.com/professional-compute/
http://gpuopen.com/compute-product/hcrng/
https://bitbucket.org/multicoreware/hcrng
http://gpuopen.com/compute-product/clrng/
https://link.springer.com/content/pdf/10.1007/s11227-017-2172-x.pdf - Vectorized algorithm for multidimensional Monte Carlo integration on modern GPU, CPU and MIC architectures
https://streamhpc.com/blog/2017-11-29/learn-amds-prng-library-developed-rocrand/
https://github.com/ROCmSoftwarePlatform/rocRAND
http://bit.ly/HPC-Dev - for compilers and code optimisation
https://www.microsoft.com/en-us/download/details.aspx?id=30688 Cryptographic Provider Development Kit
https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/efi-rng-service-binding-protocol
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380252(v=vs.85).aspx#key_generation_and_exchange_functions
https://msdn.microsoft.com/en-us/library/windows/hardware/ff553181(v=vs.85).aspx
https://wiki.openssl.org/index.php/Random_fork-safety
http://www.amd.com/Documents/SDN-Whitepaper.pdf - Smart Software Defined Networks
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf - Secure Encrypted Virtualisation Key Management
http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf - PROTECTING VM REGISTER STATE WITH SEV-ES
https://www.getnetrandom.com - provided by the whitewood security core they have now got both linux and windows services.
https://www.getnetrandom.com/quickstart-guide.pdf
http://whitewoodsecurity.com/wp-content/uploads/2016/02/Whitewood_net_Random_Data_Sheet.pdf
http://moonbaseotago.com/onerng/
http://ubld.it
http://qrng.anu.edu.au/index.php
http://random.irb.hr/
*****
Workers :
https://www.upwork.com/hire/driver-development-freelancers/
https://www.theregister.co.uk/2015/04/30/geneva_boffins_make_light_work_of_random_numbers/
https://arxiv.org/abs/1410.2790
(c)RS
*****
for example doesn't ASLR run way before anything else?"
the boot kernel drivers boot before the os with the network driver
(for secure network driver loading for server sessions)
keep a cache of rnd data and bingo
secured boot with high chaos maintenance
"to make USB tpm/dongle devices and boot is secure and the os is safe from intrusion (low priced preferably)"
the driver has to have a verified certificate
"everything makes sense here the details of boot kernel driver vs regular kernel module."
Microsoft and Redhat kernel drivers need certification on servers and generic OS implementation
go directly to them and register your certificate.
Get involved in the RNG Tools project and the kernel development for Linux,windows & mac,
Also android kernel is based on the Linux kernel but implemented though open source development and deviation from Linux source.
"What's your feeling on RNG Tools in general, and from the point of view of it being an optional component people have to consciously seek out and add in vs. being a "built in" part of a standard distribution?"
Personally i believe in RNGTools and the usage is a must!
Multiple sources of entropy and the hashing of that combined and injected though AES hardware
is not included..
Fortunately this is 4 weeks development at most.
So kernel inclusion of the driver base is a must (with the main tool being n protected space with distribution to user of AES; blowfish etcetera, hashed and expanded data
(c)RS
******
The places the random go...
Voyages of the scientific imagination.
https://www.technologyreview.com/s/609482/ai-is-dreaming-up-new-kinds-of-video-games/
https://www.technologyreview.com/s/529136/no-mans-sky-a-vast-game-crafted-by-algorithms/
Random is ever of use to science and creative imagination..
Least we forgo the unusual for common substance.
https://science.n-helix.com/2018/12/rng.html
Security and Research both need this.
But most commonly they lack drivers ..
https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
Phone & PC Random/Seed/Entropy is a problem so making an app like ubuntu's entropy seeding app,
With high quality random would be a life saver to the phone user,
In addition the RND Crng Trng or NRNG could use AES to magnify the pool ... or blow-fish etcetera !
For non rooted phones a device a RNG device installed; if RNG device impossible to install then other noise source ..
For the Phone/PC/Mac/Server OS.
*Driver Function and utilisation* (Copyright Rupert S)
Multiple sources of entropy and the hashing of that combined and injected though AES hardware
is not included.. in applications on Phone, Windows, Mac etcetera..
the use of a Hardware Encrypted cache saved to drive .. for example :
Original fresh random/entropy will be stored securely in flash and or on HD/SSD/RAM to further secure the RND Pool.
1mb of RNG data that has not been used to add to the boot source & during low ebbs in Entropy data,
To be refreshed depending on the recording media..
& additional pre ChaCha/AES/Blowfish/Twofish - Encryption mode; processed data in ram,
(Personally AES on hardware encryption devices makes sense)
(4mb is large enough to use but small enough for 256mb ram devices.)
Fortunately this is 4 weeks development at most.
So kernel inclusion of the driver base is a must
With the main tool being protected space; With distribution to user of AES; blowfish etcetera, hashed and expanded data
NX DEP protected data contained securely,
you can seed the data and remix that with new data..
mixed data is the strongest and surely the least predicable of the lot since despite using algorithms the output is clearly unpredictable.
Entropy SIM and SSD cards are an option & can contain an actual memory array flash combo to be super fast;
but economical.
(Copyright Rupert S)
*****
For a windows/phone RNG device .... i have been thinking !
You could modify the driver and make your own to take data from the RNG devices on the comports & obviously PCI etcetera..
Commonly on the Linux system entropy/RNG/Random drivers are in the kernel but are most commonly not configured properly;
These are the problems we need to fix & fix well..
Entropy SIM and SSD cards are an option & can contain an actual memory array flash combo to be super fast;
but economical.
Haveged exists on linux but not on mac or windows.... (The characteristics of Haveged are not necessarily guaranteed to have all the chaos that we need.)
However haveged is one option that combined with AES,Blowfish Random Expansion can help with Entropy issues !
Haveged is not the only solution and furthermore TRNG/CRNG need optimisation .... to Increase security and to provide true crypto/Rand function.
Haveged provides a viable additional source of entropy ....
Preferably not as the only source,
However haveged is a product that produces results,
We surely need in Random Bit starved computers and mobile markets ....
Yes the CPU/GPU configured so can obviously create logical and not so perfectly entropic results,
However we have to ask ourselves do we need random filled with a viable source available to all ?
The answer is obvious yes.
Haveged produces a data far superior to just the user input...
Furthermore the tasks running on the computer and or within the system improve the output...
As the necessity to use haveged increases;
Most likely the user will be running more tasks that need to use it ! and hence there will be better results and more of them.
yes a true TRNG is a state of peace in the true security advocates heart but there is always room for an improved haveged..
both on windows, on mac and other operating systems.
(copyright : Rupert S)
http://www.issihosts.com/haveged/index.html
https://www.irisa.fr/caps/projects/hipsor/
https://fedoraproject.org/wiki/Windows_Virtio_Drivers
viorng/: Virtio RNG driver
Seems a simple and elegant solution that would allow for the use of RNG data and would allow other devices of the same type to work well !
This would be a service to all and allow research sharing,
The driver is open source.
https://github.com/YanVugenfirer/kvm-guest-drivers-windows/blob/master/viorng/viorng/viorng.inf
https://fatminmin.com/blog/install-win10-with-virtio.html
https://pve.proxmox.com/wiki/Windows_VirtIO_Drivers
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/sect-Guest_virtual_machine_device_configuration-Random_number_generator_device.html
Other device drivers could also be made not just for virtual machines...
RS
Other tools and functions to call to make the C/N/T/RNG ... Functional - please read all !
*well thought out analysis of the entropy system care of getnetrandom & Wisconsin university*
http://pages.cs.wisc.edu/~swift/papers/oakland14-rng.pdf
*online entropy fetch with Client for windows and linux servers and soon android*
https://www.getnetrandom.com/#howitworks
https://www.getnetrandom.com/quickstart-guide.pdf
http://whitewoodsecurity.com/products/entropy-engine/
*RNG SDK links*
https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v12.0.0%2Fgroup__nrf__drv__rng.htmlhttps://developer.nordicsemi.com/nRF5_SDK/nRF51_SDK_v8.x.x/doc/8.0.0/s110/html/a00790.html#details
http://gpuopen.com/professional-compute/
http://gpuopen.com/compute-product/hcrng/
https://bitbucket.org/multicoreware/hcrng
http://gpuopen.com/compute-product/clrng/
https://link.springer.com/content/pdf/10.1007/s11227-017-2172-x.pdf - Vectorized algorithm for multidimensional Monte Carlo integration on modern GPU, CPU and MIC architectures
https://streamhpc.com/blog/2017-11-29/learn-amds-prng-library-developed-rocrand/
https://github.com/ROCmSoftwarePlatform/rocRAND
http://bit.ly/HPC-Dev - for compilers and code optimisation
* windows driver implementation*
https://stackoverflow.com/questions/22150896/is-it-possible-to-add-entropy-from-a-hardware-rng-to-the-windows-cryptoapihttps://www.microsoft.com/en-us/download/details.aspx?id=30688 Cryptographic Provider Development Kit
https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/efi-rng-service-binding-protocol
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380252(v=vs.85).aspx#key_generation_and_exchange_functions
https://msdn.microsoft.com/en-us/library/windows/hardware/ff553181(v=vs.85).aspx
*SSL information*
https://wiki.openssl.org/index.php/Random_Numbershttps://wiki.openssl.org/index.php/Random_fork-safety
http://www.amd.com/Documents/SDN-Whitepaper.pdf - Smart Software Defined Networks
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf - Secure Encrypted Virtualisation Key Management
http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf - PROTECTING VM REGISTER STATE WITH SEV-ES
*T/C/RNG Providers*
http://whitewoodsecurity.com/products/entropy-engine/https://www.getnetrandom.com - provided by the whitewood security core they have now got both linux and windows services.
https://www.getnetrandom.com/quickstart-guide.pdf
http://whitewoodsecurity.com/wp-content/uploads/2016/02/Whitewood_net_Random_Data_Sheet.pdf
http://moonbaseotago.com/onerng/
http://ubld.it
http://qrng.anu.edu.au/index.php
http://random.irb.hr/
*****
Workers :
https://www.upwork.com/hire/driver-development-freelancers/
*news and paper*
https://eurekalert.org/pub_releases/2017-05/udg-rnh053117.phphttps://www.theregister.co.uk/2015/04/30/geneva_boffins_make_light_work_of_random_numbers/
https://arxiv.org/abs/1410.2790
(c)RS
*****
Q & A (Copyright Rupert S etc)
"how can you ensure that a particular kernel driver runs before other system processes?for example doesn't ASLR run way before anything else?"
the boot kernel drivers boot before the os with the network driver
(for secure network driver loading for server sessions)
keep a cache of rnd data and bingo
secured boot with high chaos maintenance
"to make USB tpm/dongle devices and boot is secure and the os is safe from intrusion (low priced preferably)"
the driver has to have a verified certificate
"everything makes sense here the details of boot kernel driver vs regular kernel module."
Microsoft and Redhat kernel drivers need certification on servers and generic OS implementation
go directly to them and register your certificate.
Get involved in the RNG Tools project and the kernel development for Linux,windows & mac,
Also android kernel is based on the Linux kernel but implemented though open source development and deviation from Linux source.
"What's your feeling on RNG Tools in general, and from the point of view of it being an optional component people have to consciously seek out and add in vs. being a "built in" part of a standard distribution?"
Personally i believe in RNGTools and the usage is a must!
Multiple sources of entropy and the hashing of that combined and injected though AES hardware
is not included..
Fortunately this is 4 weeks development at most.
So kernel inclusion of the driver base is a must (with the main tool being n protected space with distribution to user of AES; blowfish etcetera, hashed and expanded data
(c)RS
******
The places the random go...
Voyages of the scientific imagination.
https://www.technologyreview.com/s/609482/ai-is-dreaming-up-new-kinds-of-video-games/
https://www.technologyreview.com/s/529136/no-mans-sky-a-vast-game-crafted-by-algorithms/
Random is ever of use to science and creative imagination..
Least we forgo the unusual for common substance.
https://science.n-helix.com/2018/12/rng.html