
prng: how to seed the random number generator?

Open OlegHahm opened this issue 9 years ago • 13 comments

As @haukepetersen stated in today's meeting, this problem is two-fold:

  1. How to multiplex the PRNG initialization for different sources for the source (and boards without a hardware ~~P~~RNG)?
  2. How to generate a source for randomness for boards without a hardware ~~P~~RNG

(edit: the hardware RNG isn't "pseudo-" ;-) /martine)?

OlegHahm avatar Mar 23 '16 13:03 OlegHahm

I implemented something like that a while back and opened a PR for it now: #5153.

miri64 avatar Mar 23 '16 15:03 miri64

(it offers a solution for both problem parameters).

miri64 avatar Mar 23 '16 15:03 miri64

Fixed issue description.

miri64 avatar Mar 23 '16 15:03 miri64

A value read with DEV_RANDOM_READ can then be used to initialize the random number generator in auto_init or somewhere like that.

miri64 avatar Mar 23 '16 15:03 miri64

There's also #4294. It can use drift between two crystals when there are no "natural" random sources.

kaspar030 avatar Mar 23 '16 21:03 kaspar030

We could include that into #5153. I still have a bad feeling about your spiking of the PRNG there.

miri64 avatar Mar 23 '16 23:03 miri64

Spiking?

kaspar030 avatar Mar 23 '16 23:03 kaspar030

Some recent developments on Linux can be relevant here as well:

  • http://phoronix.com/scan.php?page=news_item&px=LRNG-dev-random-V2
  • http://www.chronox.de/lrng/doc/lrng.pdf
  • http://lkml.iu.edu/hypermail/linux/kernel/1604.3/00029.html

jnohlgard avatar Apr 30 '16 07:04 jnohlgard

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you want me to ignore this issue, please mark it with the "State: don't stale" label. Thank you for your contributions.

stale[bot] avatar Aug 10 '19 12:08 stale[bot]

@Einhornhool could maybe take a look at this. Out of my head I would say: Use puf_sram or a true hardware RNG.

maribu avatar Sep 16 '22 12:09 maribu

For multiplexing different sources, the mbedTLS entropy module could be an option (#15671). As a source of randomness on boards without a HWRNG, puf_sram can be used (like @maribu said).

Einhornhool avatar Sep 19 '22 08:09 Einhornhool

Looking in the code (auto_init_random() in sys/random/random.c), puf_sram or a hardware RNG are already used to seed the PRNG, when available. The fallback is to use luid_get() (which would at least result in different boards using different seeds) or a default constant.

I guess this means we should try to get puf_sram supported for all boards and everything will be fine.

maribu avatar Sep 19 '22 08:09 maribu
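The two comments above describe the same thing from two angles: multiplexing several seed sources (hardware RNG, puf_sram, luid_get(), a constant) and the priority order in which auto_init_random() falls back through them. The following is an added example, not RIOT's code; the hardware RNG, puf_sram and luid hooks are constructed mocks with hypothetical names, and the "stuck output" check is an extra sanity test a practitioner would want on a real entropy source, not something the thread claims RIOT does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the real sources. In RIOT these would be the
 * hwrng driver, the puf_sram module and luid_get(); these globals only
 * let the example simulate a board with or without each source. */
static bool     mock_hwrng_present;
static uint32_t mock_hwrng_value;
static bool     mock_puf_present;
static uint32_t mock_puf_value;
static uint32_t mock_luid_value = 0x0000ABCDu; /* per-board id, never random */

typedef enum {
    SEED_SRC_NONE = 0,
    SEED_SRC_HWRNG,
    SEED_SRC_PUF_SRAM,
    SEED_SRC_LUID,
    SEED_SRC_CONSTANT,
} seed_src_t;

typedef bool (*seed_reader_t)(uint32_t *out);

typedef struct {
    seed_src_t    id;
    seed_reader_t read;     /* returns false when the source is unavailable */
    bool          entropy;  /* true if the source is supposed to be unpredictable */
} seed_provider_t;

static bool read_hwrng(uint32_t *out)
{
    if (!mock_hwrng_present) { return false; }
    *out = mock_hwrng_value;
    return true;
}

static bool read_puf_sram(uint32_t *out)
{
    if (!mock_puf_present) { return false; }
    *out = mock_puf_value;
    return true;
}

static bool read_luid(uint32_t *out)
{
    *out = mock_luid_value;   /* always available, but the same on every boot */
    return true;
}

static bool read_constant(uint32_t *out)
{
    *out = 0x12345678u;       /* last resort: identical on every board and boot */
    return true;
}

/* All-zero or all-one words are what an unclocked or unpowered RNG block
 * typically returns; treat them as "source not usable" rather than as a seed. */
static bool seed_looks_stuck(uint32_t v)
{
    return v == 0u || v == 0xFFFFFFFFu;
}

/* Priority order matches the fallback chain described in the thread. */
static const seed_provider_t providers[] = {
    { SEED_SRC_HWRNG,    read_hwrng,    true  },
    { SEED_SRC_PUF_SRAM, read_puf_sram, true  },
    { SEED_SRC_LUID,     read_luid,     false },
    { SEED_SRC_CONSTANT, read_constant, false },
};

/* Walk the providers in order, skipping unavailable or stuck entropy sources.
 * Returns which source supplied *seed so callers can log or reject weak seeds. */
seed_src_t select_seed(uint32_t *seed)
{
    for (size_t i = 0; i < sizeof providers / sizeof providers[0]; i++) {
        uint32_t v;
        if (!providers[i].read(&v)) { continue; }
        if (providers[i].entropy && seed_looks_stuck(v)) { continue; }
        *seed = v;
        return providers[i].id;
    }
    *seed = 0u;
    return SEED_SRC_NONE;
}

/* Test hook: configure the mock board. */
void mock_configure(bool hwrng, uint32_t hwrng_val, bool puf, uint32_t puf_val)
{
    mock_hwrng_present = hwrng;
    mock_hwrng_value   = hwrng_val;
    mock_puf_present   = puf;
    mock_puf_value     = puf_val;
}

int main(void)
{
    uint32_t seed;
    mock_configure(true, 0u, false, 0u);   /* stuck hwrng, no puf_sram */
    seed_src_t src = select_seed(&seed);
    printf("seed 0x%08lx from source %d\n", (unsigned long)seed, (int)src);
    return 0;
}
```

The `entropy` flag is what makes the chain honest: a hardware RNG that reads back all zeros is skipped, while luid_get() and the constant are accepted as-is because they are known to be deterministic. Returning the source id lets the caller distinguish a genuinely random seed from the "different per board but fixed per boot" case that maribu describes.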