Entropy Source using RTL-SDR

From Leo's Notes
Last edited on 1 September 2019, at 06:24.

You can use a cheap RTL-SDR USB dongle as an entropy source for your Linux machine using the rtl-entropy project.

Installation

Depending on your system, the rtl-entropy package might not be available, in which case you will need to compile it manually.

Install the rng-tools package, and also the rtl-entropy dependencies:

  • rng-tools
  • rtl-sdr-devel
  • libcap-devel
  • openssl-devel

Get and compile rtl-entropy:

git clone https://github.com/pwarren/rtl-entropy.git
cd rtl-entropy
mkdir build
cd build
cmake ../
make

Run make install or copy the src/rtl_entropy binary to somewhere on the system such as /usr/bin.

Usage

By default, rtl_entropy creates a FIFO (named pipe) at /var/run/rtl_entropy.fifo. Use rngd to feed this FIFO into /dev/random as an entropy source by running:

rtl_entropy -s 2.4M -e -b
rngd -f -r /var/run/rtl_entropy.fifo

rtl_entropy Arguments

Arguments passed to rtl_entropy are:

-s Sample rate
-e Use Kaminsky debiasing
-b Run as a daemon

Because we are capturing radio, it is possible for an attacker to influence our random pool and possibly any keys generated using this pool. The rtl-entropy developer mentions this on the project's GitHub page and recommends enabling the -e option to turn on Kaminsky debiasing. In essence, this makes it harder for an attacker to influence or guess the contents of the entropy pool.

rngd Arguments

Arguments passed to rngd are:

-f Run in the foreground
-r Specify the entropy device
-W The watermark size (defaults to 2048 bits or typically half of the entropy pool size)

The watermark size defines how much influence this device has on the random pool. Setting this too high means the device will dominate the contents of the entropy pool.

To see the current entropy pool size on your system, run:

cat /proc/sys/kernel/random/poolsize

To see the current entropy bits available, run:

cat /proc/sys/kernel/random/entropy_avail
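
The checks above combined into a pre-flight script, as an added example (not part of the original notes or of the rtl-entropy or rng-tools projects). It confirms that the FIFO rngd reads is a named pipe that only its owner can write to, and expresses the pool level and a -W value as a percentage of the pool size. Function names are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from rtl-entropy or rng-tools): pre-flight checks for the
# FIFO that rngd reads and for the kernel pool figures shown on this page.
# Function names are hypothetical; stat -c assumes GNU coreutils.

FIFO=/var/run/rtl_entropy.fifo
PROC=/proc/sys/kernel/random

# fifo_is_safe PATH
# Succeeds only if PATH is a named pipe that group and others cannot write to.
# Anything able to write to it would be read by rngd as entropy.
fifo_is_safe() {
    [ -p "$1" ] || { echo "$1: not a FIFO" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1      # octal mode, e.g. 600
    case "$mode" in
        *[2367]|*[2367]?)                      # write bit for other / group
            echo "$1: mode $mode is group- or world-writable" >&2
            return 1 ;;
    esac
}

# percent_of_pool BITS [POOLSIZE_FILE]
# Prints BITS as a whole-number percentage of the kernel pool size.
# Use it to see how large a chosen rngd -W watermark is relative to the pool.
percent_of_pool() {
    size=$(cat "${2:-$PROC/poolsize}") || return 1
    [ "$size" -gt 0 ] || return 1
    echo $(( $1 * 100 / size ))
}

# pool_percent [AVAIL_FILE] [POOLSIZE_FILE]
# Prints how full the pool currently is, as a percentage.
pool_percent() {
    avail=$(cat "${1:-$PROC/entropy_avail}") || return 1
    percent_of_pool "$avail" "${2:-$PROC/poolsize}"
}

# preflight: run all checks against the paths used on this page.
preflight() {
    fifo_is_safe "$FIFO" || return 1
    echo "pool fill: $(pool_percent)%"
    echo "-W 2048 is $(percent_of_pool 2048)% of the pool"
}

# Run the checks only when asked, e.g.:  sh rtl-preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```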

Creating a Service

To run the utilities above as services, create or edit the systemd service files with the following contents.

/usr/lib/systemd/system/rtl-entropy.service:

[Unit]
Requires=rngd.service
Description=RTL Entropy Gatherer Daemon

[Service]
# The leading "-" ignores the mkfifo failure when the FIFO already exists (e.g. on restart)
ExecStartPre=-/usr/bin/mkfifo /var/run/rtl_entropy.fifo
ExecStart=/usr/bin/rtl_entropy -s 2.4M -o /var/run/rtl_entropy.fifo -e -q 1

[Install]
WantedBy=multi-user.target

/usr/lib/systemd/system/rngd.service:

[Unit]
Requires=rtl-entropy.service
# Start only after rtl-entropy.service has created the FIFO
After=rtl-entropy.service
Description=Hardware RNG Entropy Gatherer Daemon

[Service]
ExecStart=/sbin/rngd -f -r /var/run/rtl_entropy.fifo
SuccessExitStatus=66

[Install]
WantedBy=multi-user.target

See Also