EGD: The Entropy Gathering Daemon

A userspace substitute for /dev/random, written in perl.
One of the nice features of the Linux kernel (and certain *BSD kernels) is the /dev/random device. This is a little character device that gives you random numbers when you read it. In a variety of places scattered throughout the kernel, certain interrupts (network packets arriving, keyboard hits, mouse movement) cause a timestamp and some event information to be hashed into an "entropy pool". The pool, perhaps 4k in size, always contains very random data, but as bits are "stirred" in, a counter is incremented to reflect the fact that the poll is now even more random than before. When you read from /dev/random, you get a hashed portion of the pool, and the counter is decremented. This gives you high quality cryptographically strong random data.

The Gnu Privacy Guard (GPG), along with many other encryption routines (pgp, ssh, even the sequence-number selection algorithm used by the kernel's TCP stack), use this device to seed a secure random number generator. Encryption uses lots of random data, and hybrid public-key/ symmetric-cipher encryption uses even more.

EGD is an Entropy Gathering Daemon meant to be used on systems that can run GPG but which don't have this convenient source of random bits. It is a regular user-space program that sits around, running programs like 'w' and 'last' and 'vmstat', collecting the randomness (or at least the unpredictability) inherent in the output of these system statistics programs when used on a reasonably busy system. It slowly stirs the output of these gathering programs into a pool of entropy, much like the linux kernel device, and allows other programs to read out random bits from this pool.

EGD is meant to be used with GPG, but other programs can use it too. The current release of GPG has a module called randegd which knows how to speak the EGD protocol, allowing GPG to be used securely on non-Linux systems.

EGD is written in perl, which helps make it a lot more portable since perl runs on so many systems. It is designed to deal with a wide variety of possible entropy gatherers, discovering at runtime which ones are available and where they are located.

I'd love to get feedback on how it works on a wide variety of systems, especially those that I don't have access to.

Important Security Note:

egd-0.6 had a major security problem that caused it to only use a tiny fraction of the entropy it gathered. All users should upgrade immediately.

Download:

EGD is available for download from the SourceForge Download page: It is also available via FTP and HTTP from my home page. It is signed with my public key, available on my home page and from the keyservers.

For more information, visit the SourceForge project page. There you can file bugs and get the latest patches.

How To Use With GPG:

(this text is copied out of the README.. for more details, READit)

HOW TO USE EGD WITH GPG:

First, you'll need to configure GnuPG to use EGD for its random number needs. If you are compiling GPG, the easiest way to do this is at configure time. Add --enable-static-rnd=egd to the arguments you give to ./configure. If you have a pre-compiled version of GPG that wasn't configured this way, you should be able to use a loadable extension module to accomplish the same thing; try adding:

load-extension rndegd
to your ~/.gnupg/options file, or use --load-extension=rndegd on the command line when you run GPG. Since a system that doesn't have /dev/random at compile time probably won't have it at runtime, configuring rndegd statically makes a lot more sense.

Second, you need to have the daemon running. EGD listens on unix-domain socket for entropy requests. Unless you modify the path name in the GnuPG file "cipher/rndegd.c", GPG will look for this socket in your home directory, in ~/.gnupg/entropy (specifically it will look for "entropy" in the same directory that has your keyrings, the "--homedir"). So you need to tell EGD to listen there. Simply start the daemon as follows:

egd.pl ~/.gnupg/entropy
If you've never run GPG before, you'll have to create your ~/.gnupg directory yourself (gpg will make it for you the first time it's run). The daemon automatically forks itself into the background. Wait a few minutes for it to collect some entropy. After that, GPG should run just like usual. If you encrypt or sign stuff too frequently, you may get messages telling you to wait as more entropy is gathered. Just give the daemon a few minutes to gather more entropy, and GPG will continue along.

Using EGD with other programs

Bugs

The Solaris 8 problem (present in EGD-0.7) should have been fixed in EGD-0.8 . The symptom was that all gatherers are marked as unusable and the available entropy quickly drops to zero.

Many Solaris systems have a misconfigured perl installation which causes a problem when trying to compile the SHA module included with EGD. See the FAQ for more details.

The SourceForge Project Page is the place to look for known bugs and to file new ones. There is also a FAQ available in the distribution tarball.

Use the discussion forums at SourceForge as a place to post questions and contact other EGD users.

Related Projects


SourceForge Logo
Brian Warner <warner-egd@lothar.com>
Last modified: Thu Jul 25 01:45:23 PDT 2002