Scroll to navigation

JITTERENTROPY-RNGD(1) General Commands Manual JITTERENTROPY-RNGD(1)

NAME

jitterentropy-rngd - CPU Jitter Random Number Generator Daemon

SYNOPSIS

jitterentropy-rngd [OPTION]

DESCRIPTION

The jitterentropy-rngd application provides a source of good entropy by collecting CPU execution time jitter. The collected entropy is injected into the Linux kernel /dev/random device using the RNDADDENTROPY ioctl described in random(4).

The entropy in the CPU execution time jitter is magnified by the CPU Jitter Random Number Generator. The CPU Jitter Random Number Generator uses the CPU execution timing jitter to generate a bit stream which complies with different statistical measurements that determine the bit stream is random.

The CPU Jitter Random Number Generator works equally well in virtualized environments as well as on bare-metal provided a high-resolution timer is made available with the clock_gettime() function. The currently use timer can be checked by reading the file /sys/devices/system/clocksource/clocksource0/current_clocksource. If the clock source shall be changed, one of the available clock sources listed in the file /sys/devices/system/clocksource/clocksource0/available_clocksource can be written into the mentioned current_clocksource file and the kernel immediately changes the use clock.

The CPU Jitter Random Number Generator unconditionally injects 256 bits of entropy into the Linux kernel during startup time before it daemonizes. Thus, when the invocation of the jitterentropy-rngd returns, the Linux kernel is seeded with at least 256 bits of entropy. The reader should consider that the Linux kernel performs a schedule operation during the injection of data which implies that immediately after starting the jitterentropy-rngd the kernel may still complain about insufficient entropy available for /dev/urandom.

The following options are supported when invoking jitterentropy-rngd:

-v, --verbose
enable a verbose operation of the daemon. Using this option multiple times increases the verbosity. Using this option implies that the jitterentropy-rngd will not daemonize.
-p, --pid [FILE]
triggers the creation of a PID file at the given location.
-h, --help
displays the help text
--version
returns the version number of the jitterentropy-rngd.

NOTES

The CPU Jitter random number generator MUST NOT be compiled with compiler optimizations. A pre-processor check enforces this requirement.

The random bit stream generated by jitterentropy-rngd is NOT processed by a cryptographically secure whitening function. Nonetheless, it is believed that the output can be used as a source for cryptographically secure key material or other cryptographically sensitive data.

SEE ALSO

random(4) clock_gettime(2)
2017-02-11