Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. This prevents /dev/random from ever becoming empty. This is useful, for example, for virtual machines which naturally have no source of randomness.
Tags: Security, Cryptography, random
Release candidate 1 of version 1.0 of entropy broker is available. Please give it a try. Apart from bug-fixes, do not expect more new features in the final v1.0 release. NOTE: v1.0 is NOT compatible with older versions because of network-protocol and configuration changes!

- network connections are now authenticated; entropy data is now also encrypted(!)
- video4linux2 support, so it works with recent kernels again
- if the memory pools are full, it will now create files on disk containing the data for later use
- server_v4l: try to send all data, do not limit by the protocol packet-size limit
- when mixing data into a pool, use blocks as large as possible. This improves CPU usage as well as the accuracy of the entropy-count calculation
- use larger sleeps for clients/servers that try to re-connect to the broker process (in case of failure), to reduce network load
- log exit failures to the logfile/syslog
- write pid to a file
- linux kernel client: show the correct new entropy count
- catch signals and, in case of the broker, store data into files before exiting
- improved entropy count estimation
- elaborated on the manual
- added new entropy estimator ('compression' using zlib)
- bits-per-second calculation fixes
- pool: when adding bits, use the real number of bytes instead of a fixed length of 56 bytes. This prevents a false number of bits being added
- older client and server versions would poll every so many seconds to see if there is new data (to store, in the case of servers); the new version signals the clients/servers. This reduces the time that the client is without data and the time that the broker is without data (latency). No worries: this signalling (push) happens via the existing TCP connection, so it is firewall-friendly
- client_egb was severely broken: if the broker would ping or request an entropy count, the program would abort
- added client_file, which is a regular client but stores its output in a file on the local disk. This is for example useful when you want to analyze the quality of the data
- (in-memory) pool merging, which improves the usage of the number of pools
- the entropy estimation can now also be done using zlib compression, because the regular method (Shannon) might be too conservative. The compression method is a lot slower though
- added server_linux_kernel, which retrieves entropy data from a Linux kernel. This is useful when you have a system with an RNG in the chipset which automatically feeds its data to the kernel RNG
- older server daemons would throw away gathered data when it could not be sent to the broker. The new version keeps trying until it succeeds. This should reduce resource usage
- handle TCP sessions that silently fail, e.g. when a server running the broker suddenly hard reboots (unclean reboot), as then the clients/servers don't get a TCP reset or similar
Release Notes: This release adds a Web interface for viewing usage statistics, per-user bandwidth limits, and many small fixes.
Release Notes: This release fixes crashes with the Linux kernel client.
Release Notes: Entropy broker is now fully multi-threaded so that no client can block the broker, and higher bitrates can now be achieved. The OpenSSL dependency has been replaced by the crypto++ library. A 'configure' script has been added. This release has been checked for software defects with Coverity. The network protocol has been adapted for bigger block sizes. Ciphers/hashes are now fully user selectable. There is reduced broker entropy usage.
Release Notes: This release has full IPv6 support, has bps output fixes, can now retrieve entropy data from smart cards, and has support for multiple broker servers. EGD server/client now supports TCP as well (for better compatibility with EntropyKey). There are fixes for Fedora and Coverity warning fixes.
Release Notes: Support for ComScire R2000KU RNG. User authentication instead of a shared password. The mix function as well as the hash function are now configurable. Configurable pool size. Data transmitted over the network can no longer be tampered with without it being detected. The data stream is now also encrypted. Two-way authentication between broker and clients/servers.