True Random Number Server

Introduction

This server uses hardware true random number generators (TRNG) to serve out true random bits to the Internet. Those bits are created using 5 Entropy Keys from http://entropykey.co.uk, an on-board Broadcom TRNG chip, and an entropy gathering daemon called haveged. As a result, these bits are of very high quality for use in the most demanding cryptographic applications, such as long term OpenPGP keys or SSL certificates. It's important to understand that these bits are not the result of a pseudorandom number generator, or PRNG such as you will find in most operating systems and software applications.

These bits are available for anyone on the Internet to use, free of charge. The benefit to you is to keep your entropy pool filled with high quality, true random data. Keeping your pool filled will speed up cryptographic software applications that need a lot of entropy for generating one-time session keys, long term keys, passwords, etc. You can follow the status of these entropy keys at http://zen.ae7.st/munin/ae7.st/hundun.ae7.st/index.html#sensors.

NSA Concerns

Former NSA contractor Edward Snowden has revealed that the NSA has been involved with sweeping data collection and analysis on Americans, violating their Fourth Amendment rights to search. This places even more priority to use cryptography for your day-to-day communications. Using true randomness that has not been tampered with is the only way to create mathematically secure cryptographic keys. Unfortunately, I do not know whether or not the Entropy Keys and the Broadcom chip creating random data has been tampered with by the NSA. Please use caution when using these bits.

Motivation

The domain "hundun.ae7.st" is assembled from two pieces. First is the concept of chaos in Chinese cosmogony. Hundun is the "primordial and central chaos", literally the power of chaos in Zen and the Tao. However, hundun is the supreme ideal of Taoism. Rather than noise as the Western society would have it, chaos is wholeness, oneness and nature. Chaos is the natural state of the world and the universe. Chaos is aesthetically pleasing- a state all taoists wish to achieve.

The second part of the fully qualified domain name, ae7.st, comes from my Amateur Radio callsign, AE7ST, who is Aaron Toponce, the administrator of this site. So, you could think of hundun.ae7.st as literally "chaos coming from Aaron Toponce". Further, having visited http://random.org, I wanted to provide random data to the community that they could do with as they pleased, rather than hand out the results. Thus, this server was created.

Setup

If you are interested in receiving these bits, you will need to install some software on your system to act as a client receiving them. I will assume that you are running Debian GNU/Linux as the client. Any GNU/Linux operating system should suffice, however. I have not tested this procedure with BSD, Mac OS X, Windows or mobile operating systems. However, the general idea is to connect to port 1337, decrypt the SSL-encrypted packets, and feed them into your operating system's entropy pool.

First install the software:

$ sudo aptitude install stunnel4 ekeyd-egd-linux

Configure stunnel to start on boot by editing the /etc/default/stunnel configuration file:

# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

Then configure Stunnel to connect to the remote port by adding the following to your /etc/stunnel/stunnel.conf configuration file:

client=yes
[ekeyd]
accept=8888
connect=65.100.223.163:1337

Then configure the ekeyd-egd-linux client to start on boot by editing the /etc/default/ekeyd-egd-linux configuration file, and change the reconnect to 60 seconds, in the event of a network connection timeout:

# Change to YES to allow ekeyd-egd-linux to start. Ensure the below are
# correctly configured first though.
START_EKEYD_EGD_LINUX=YES

# Change this if you want it to be something other than the default
# HOST=127.0.0.1
# PORT=8888

# Number of bits minimum in the pool, below which the daemon will kick in
# and transfer data from the EGD to the pool (providing it's available)
# WATERMARK=1024

# Number of 1024 bit (128 byte) blocks to transfer to the kernel each
# time it dips below the low water mark.
# BLOCKS=3

# How many shannons-per-byte to claim for data pushed to the pool
# SHANNONS=7

# How many seconds between connection retries. Zero means do-not-retry.
RETRYTIME=60

Now (re)start the stunnel and ekeyd-egd-linux daemons:

$ sudo /etc/init.d/stunnel restart
$ sudo /etc/init.d/ekeyd-egd-linux restart

Verify now that you have made the connection, and that you are filling your entropy pool:

$ netstat -tan | awk '/ESTABLISHED/ && /65.100.223.163:1337/' 
tcp        0      0 10.80.86.100:35829     65.100.223.163:1337     ESTABLISHED
$ cat /proc/sys/kernel/random/entropy_avail
3968

Quality Assurance

You should be very concerned about me tracking which bits I have sent to established connections. However, I promise I am not tracking which bits are sent to which IP address. That's too much work, and I'm really not that interested. I don't even want my ISP, nor your ISP, to know which bits I have sent or that you have received, thus the requirement to send this over SSL. However, if you are worried about me tracking which bits you have received, then please don't use this service.

Using these bits is completely harmless. Anyone on the system can write to /dev/random. Writing non-random, predictable data is harmless. Worst case, your entropy pool will not increase. Further, you can test the quality of randomness that I am serving, by using some random number tests, such as the FIPS 140-2 tests by rngtools, as shown below.

$ timeout 90m rngtest < /dev/random
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 2761920
rngtest: FIPS 140-2 successes: 138
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=448.557; avg=511.442; max=642.006)bits/s
rngtest: FIPS tests speed: (min=11.226; avg=79.012; max=176.606)Mibits/s
rngtest: Program run time: 5400000922 microseconds

Warning

This server is powered currently by a Raspberry Pi running Nginx behind a crappy DSL connection. As a result, I am constantly monitoring for abuse or heavy connections. If you are abusing my light setup, I will firewall you away from the hardware, and you will not be able to use the service. If you use the above defaults, and leave your box powered on 24/7, everything will be fine. If you change the WATERMARK to 4096, and run a cluster of computers as clients to this setup, you will likely be banned. So, please don't ruin it for everyone else by flooding my pipe with your datacenter. Instead, spend the $40 on your own entropy keys. If you are unsure, email me at aaron.toponce@gmail.com. Thanks.

Valid XHTML 1.0!Valid CSS!