audio-entropyd

This is a small program to reseed the Linux kernel random number 
generator with data from soundcard.

Audio is ready periodically from a stereo soundcard, the difference
is taken between the left and right channels, the difference is 
hashed and credited to the KRNG.

Using the difference between the left and the right channels should
eliminate some external signals (e.g. 50/60hz power cycle). 

audio-entropyd also contains code to set all input gains to maximum
prior to audio reads. This should help get as many bits changing as
possible.

Additional protection against signals whose frequency is equal to, or 
a multiple of the buffer size is given by randomly delaying a few 
additional milliseconds between reads.

NB: The default settings are intended for the author's configuration
blindly adopting them could result in insecure seeding of the 
kernel random number generator.

Statistical measures of entropy on the difference between left and
right channels on the author's sound card average just over 0.3 bits
per byte. (measured eith 'ent' from http://www.fourmilab.ch/random/)

To test the raw differenced output, make a dump of the raw and 
seed material without updating the kernel:

audio-entropyd --no-update --wait 0 --raw-output /tmp/raw.out \
               --seed-output /tmp/seed.out 

Let this run for a minute or two and then kill it:

kill `cat /var/run/audio-entropyd.pid`

You should now have two files in /tmp - raw.out and seed.out containing
the raw difference data and the hash of it which would have been written
to the kernel (had you not specified --no-update).

Run you favourite tests on the data and calculate how much entropy 
you are getting from the raw data. You should also check the seed file
and ensure that it is random looking. Once you have an entropy estimate
you can decide how that you are going to actually credit to the kernel
RNG. It pays to be paranoid here, so take only a small percentage of
this.

It is possible to control how much data is collected is a read
operation (--read-size), what size seed it is hashed to (--seed-size)
and how many bits entropy are credited to the kernel RNG after each
read (--credit).

The author's defaults are:

read-size: 65536 (bytes)
seed-size: 60    (bytes)
credit:    320   (bits)

This means that each read will sample 65536 bytes of data (about 400ms),
hash it down to 60 bytes and credit only 320 bits of it into the kernel 
(a 60000+ fold reduction).

A few limitations here: the read-size must be a power of two and the 
seed-size must be a multiple of 20 (the length of an SHA1 hash).

Please report any problems or suggestions for improvement. Have a look
in the TODO file if you want to help.

Damien Miller <djm@mindrot.org>
