-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsnd-egd.1
129 lines (119 loc) · 5.17 KB
/
snd-egd.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
.\" Man page for snd-egd
.\"
.\" Copyright 2008-2022 Nicholas J. Kain
.\"
.TH snd-egd 1 "September 08, 2022"
.LO 1
.SH NAME
snd-egd \- sound card entropy gathering daemon
.SH SYNOPSIS
.SY snd-egd
.OP OPTIONS
.YS
.SH DESCRIPTION
snd-egd can convert analog sound signals into a source of entropy for the Linux
kernel random number device. The quality of entropy generated is dependent on
the input signal. White noise from radio signals between broadcast radio
stations (atmospheric noise) would be ideal, but just a simple disconnected
microphone or line input connector on a sound card with sufficiently high gain
will generate thermal noise.
The input data is not merely fed into the KRNG without any transformations;
whitening of the input data is first performed. The whitening method is simple
and relatively fast.
A configurable number of frames is sampled from both the left and right input
channels. The stream of input frames is transformed into the absolute value of
its derivative. This process effectively discards one frame.
Each bit from the frame is treated as a unique bitstream, and each channel is
handled separately in sequence. For each input bitstream, von Neumann's method
for normalizing the output of an unfair coin is performed, in order to remove
any bias that may exist in the source signal (and sound card / ADC).
This whitening method should be fine assuming that the change in probability of
a 1 or 0 bit for any given input bitstream is continuous with respect to time.
This is ensured by using the absolute difference in value between samples per
channel. Since temperature is probably the largest influence in real world
situations, this assumption should be fine.
Speed of random number generation is dependent on having well-distributed input
bitstreams. This will be mostly dependent on having proper mixer settings.
It's quite feasible for a stereo, 16-bit HDA sound chip to produce ~38KB/s of
random data with the current approach.
This approach discards a lot of data compared to direct sampling of sound card
output; it is typical to see around 80% of all sound card output discarded in
my own tests, but whitening should provide better output data that populates
the entire range of possible bytes regardless of the dynamic range of the
input data.
For higher performance, the amount of data sampled from the sound card varies
dynamically to keep a static ring buffer of entropy filled with minimum waste.
Entropy quality is not checked, since it is only possible to discard obviously
non-normalized inputs, and normalization is performed by default. Entropy
quality will be dependent on the source of the input signal. Frequency
statistics of each possible byte of output are kept, and are useful for
ensuring that the output is not insane -- it should be well-dispersed if
the input is indeed random.
.SH OPTIONS
.TP
.B \-\^d , \-\-device=DEVICE
Specifies the ALSA device name that will be sampled for input. The default
is 'hw:0'.
.TP
.B \-\^i , \-\-item=ITEM
Specifies the subitem of the ALSA device that will be used for the input. The
default is 'capture'.
.TP
.B \-\^r , \-\-sample-rate=HZ
Specifies the sample rate of the ALSA device that will be used for the input. The
default is 48000.
.TP
.B \-\^s , \-\-skip\-bytes=NUMBYTES
Specifies the number of bytes of input from the sound card that will be
ignored after the sound card device is opened. Many sound cards create
popping noises or similar when brought back from sleep state, so this
option allows for those predictable samples to be skipped. Default
is 192000.
.TP
.B \-\^t , \-\-refill-time=SECONDS
Specifies the number of seconds between entropy refills. A pool-size
amount of entropy will be supplied at this regular interval. Defaults
to 60 seconds.
.TP
.B \-\^u , \-\-user=USERNAME
Specifies the user name that snd-egd should change to once it has confined
itself to a chroot. This account should be a unique account with no access
to files outside of the chroot.
.TP
.B \-\^c , \-\-chroot=PATH
Specify the location into which snd-egd should chroot itself. The default is
to not chroot.
.TP
.B \-\^v \-\-version
Print version information and exit.
.TP
.BR \-\^h \-\-help
Print abbreviated help and exit.
.SH CONFIGURATION
It is important that the sound card be properly configured. A non-muted
capture channel should be specified, and that channel gain should be set
reasonably to ensure fast entropy gathering. Higher quality random input
to the sound card will produce better results.
snd-egd does not process inputs other than those from the sound card and
the kernel syscalls for querying the state of the random device, so it
should not pose a security issue. Nevertheless, snd-egd is capable of
restricting its capability set to the minimum required (CAP_SYS_ADMIN)
and running as an otherwise normal user and group. It can also be
safely restricted to an empty directory via chroot.
.SH SIGNALS
.TP
SIGHUP, SIGINT, SIGTERM:
Exits the program.
.TP
SIGUSR1:
Prints character counts for each possible byte of output.
.TP
SIGUSR2:
Toggles debug outputs.
.SH ENVIRONMENT
snd-egd ignores its environment.
.SH BUGS
None known, otherwise they would be fixed. Please report any that you may
find.
.SH AUTHOR
Nicholas J. Kain <njkain (at) gmail.com>