
Using the Hardware RNG on Raspberry Pi

In computers there is actually no true randomness. What we call random numbers often originate in deterministic "fake" random number generators (RNGs). Such RNGs are algorithms that create numbers which look very much as if they were randomly generated, but they are computed and thus not really random. Real randomness comes from thermal noise in analog components, which can be sampled. Such sampled values are then often pre-processed by some sort of scrambling algorithm to create a series of random numbers. The Raspberry Pi has such an analog circuit in its SoC, and it can help to produce the random seed that we would call "real" randomness.

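On a current Raspbian Stretch you can read from the hardware RNG by just calling the following command (the output is raw binary and keeps coming until you interrupt it with Ctrl+C):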

sudo cat /dev/hwrng

If you would like to read it as an unprivileged user, you can make the device readable for all users:

sudo chmod a+r /dev/hwrng

To make the change permanent, add the following line (as root) to /etc/rc.local:

chmod a+r /dev/hwrng

If you would like to generate a 1 megabyte file with random numbers (bytes), use the following command:

dd if=/dev/hwrng of=hwrng-test-data.bin bs=1024 count=1024
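A quick sanity check for a dump such as hwrng-test-data.bin, as an added example that is not part of the original article: it computes a byte-frequency chi-square, a Shannon entropy estimate and the longest run of equal bytes. The thresholds, function names and the three built-in samples are assumptions made for illustration; passing only rules out gross failures such as a stuck or patterned source and says nothing about unpredictability.

```python
import hashlib
import math
import sys
from collections import Counter

# Assumed thresholds (not from the article). Chi-square over 256 byte values has
# 255 degrees of freedom: mean 255, std dev ~22.6. Accept roughly +/- 5 sigma.
CHI2_LOW, CHI2_HIGH = 140.0, 370.0
MAX_RUN = 5       # 6+ equal bytes in a row is a ~2^-20 event in 1 MiB
MIN_BYTES = 1280  # keeps the expected count per byte value >= 5

def chi_square(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts[b] - expected) ** 2 / expected for b in range(256))

def longest_run(data: bytes) -> int:
    """Length of the longest run of identical consecutive bytes."""
    best = run = 1
    for prev, cur in zip(data, data[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best

def check(data: bytes) -> dict:
    """Return the statistics plus an 'ok' verdict for one sample."""
    if len(data) < MIN_BYTES:
        raise ValueError(f"need at least {MIN_BYTES} bytes, got {len(data)}")
    counts = Counter(data)
    entropy = -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())
    chi2, run = chi_square(data), longest_run(data)
    ok = CHI2_LOW <= chi2 <= CHI2_HIGH and run <= MAX_RUN
    return {"chi2": chi2, "entropy_bits_per_byte": entropy, "longest_run": run, "ok": ok}

def constructed_samples(n: int = 256 * 1024) -> dict:
    """Constructed inputs so the script runs without a Pi; none is real hwrng output."""
    stream = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32))
    return {"sha256-counter (stand-in)": stream,
            "stuck-at-zero": bytes(n),
            "byte-counter": bytes(range(256)) * (n // 256)}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 rngcheck.py hwrng-test-data.bin
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = constructed_samples()
    for name, blob in samples.items():
        print(name, check(blob))
```

The byte-counter sample shows why the lower chi-square bound matters: a perfectly flat histogram scores 0 and is rejected even though its entropy estimate reads 8 bits per byte.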

In OpenSSL you can use the random source like this:

openssl genrsa -rand /dev/hwrng 2048

OpenSSL's internal PRNG uses a 1024-byte pool and mixes entropy into it with a SHA-based function, so the more bytes mixed in, the better. It cannot hurt to add entropy to the pool, and doing so should not decrease the overall security (and randomness) of the crypto keys at all.