Walt Mankowski on 4 Mar 2007 13:50:33 -0000
On Sat, Mar 03, 2007 at 11:35:38PM -0500, Matthew Rosewarne wrote:
> Equipment needed:
> 1 _stereo_ FM radio with headphone port
> 1 audio cable, 3.5mm stereo headphone jack to 3.5mm stereo headphone jack
> 1 computer with microphone/line-in port
>
> I'm setting up a laptop with an encrypted 80GB disk. The laptop's user won't
> be around for about a week, so I have plenty of time. I am advised that
> encrypted partitions can be made safer if, before they are formatted, they
> are filled with random data so that the encrypted parts are difficult to
> locate for an attack. The problem is, where is this data supposed to come
> from? As far as I can see, the Linux kernel gets its entropy from input
> devices, hardware interrupts, and network activity. That may be fine for
> generating enough random data to make the odd GPG key, but hardly enough to
> fill 80GB, especially on a computer that doesn't have anyone at the keyboard
> or any network activity. To the rescue comes the Audio Entropy Daemon, which
> generates random data from the difference between the two channels of the
> stereo sound captured by the sound card.
>
> http://www.vanheusden.com/aed/
>
> How to use it:
>
> 1. Plug one end of the audio cable into the radio's headphone port and the
> other end into the computer's microphone/line-in port
> *I chose WHYY National Public Radio for the station, which is probably more
> random than the pre-recorded music tracks on most stations
>
> 2. Adjust the mixer settings until you can hear the radio out of the
> computer's speakers
>
> 3. Turn the speakers off, unless you want to listen to this for quite a while
> *Don't just mute the sound card, that will render the daemon useless!
>
> 4. Download the tarball and run make on the contents (Read the README too)
>     tar xvzf audio-entropyd-0.0.6.tgz
>     cd audio-entropyd-0.0.6
>     make
>
> 5. Make sure the ALSA-OSS modules are loaded
>     modprobe snd-pcm-oss
>     modprobe snd-mixer-oss
>
> 6. To see the difference the daemon makes, look at the random data being
> generated without it. Note how little is written after the buffer empties
>     cat /dev/random
>
> 7. Now start the daemon, specifying the appropriate audio device with "-d"
>     ./audio-entropyd -d /dev/dsp0
>
> 8. To see how effective the daemon is, look again at the random data.
>     cat /dev/random
>
> Now you can have as much random data as you like, and maybe even make The
> Prairie Home Companion worthwhile.
>
> I have to wonder why this functionality isn't built into the kernel, does
> anyone feel like a spot of hacking?

That's a cute hack, but it seems like overkill to me. All you really
need is enough entropy to seed your random number generator, then
generate the actual random data with that.

I also wonder:

* How often would someone not have any keyboard or net activity, but
  have physical access to the machine with a radio?

* 80 GB is enough data for about a day's worth of DVD-quality video.
  How much radio time will you need for that much entropy? I bet it's
  a lot longer than a week. I've got 3 days' worth of music in iTunes
  and it only takes up 5 GB.

* What do you have against Prairie Home Companion, anyway?

Walt

Attachment: signature.asc

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
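
The seed-then-expand approach from the reply, as an added example that is not part of the original message or of audio-entropyd: 32 bytes from the OS random source are stretched with SHA-256 in counter mode to any requested length. The function names, the 16-byte counter and the in-memory target are assumptions made for illustration.

```python
import hashlib
import io
import os

BLOCK = hashlib.sha256().digest_size  # 32 bytes per hash output


def keystream(seed, nbytes, chunk_blocks=4096):
    """Yield nbytes of SHA-256(seed || counter) output, chunk by chunk."""
    counter = 0
    remaining = nbytes
    while remaining > 0:
        # Ceiling division: enough blocks to cover what is left, up to one chunk.
        blocks = min(chunk_blocks, -(-remaining // BLOCK))
        buf = bytearray()
        for _ in range(blocks):
            buf += hashlib.sha256(seed + counter.to_bytes(16, "big")).digest()
            counter += 1
        out = bytes(buf[:remaining])  # trim the final partial block
        remaining -= len(out)
        yield out


def fill(target, nbytes, seed=None):
    """Write nbytes of expanded output to a binary file object."""
    if seed is None:
        seed = os.urandom(32)  # the only entropy drawn from the OS
    written = 0
    for chunk in keystream(seed, nbytes):
        target.write(chunk)
        written += len(chunk)
    return written


if __name__ == "__main__":
    # Constructed demo: fill a 1 MiB in-memory buffer instead of a real disk.
    demo = io.BytesIO()
    n = fill(demo, 1 << 20)
    print(f"wrote {n} bytes from a 32-byte seed")
```

The output is only as unpredictable as the 32-byte seed, so the seed must come from a properly initialised OS source and be discarded after use.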