Change list
- 11 Nov 2014 – added at as a dependancy, minor doc changes
- 5 Nov 2014 – added firmware validation, fixed multiple startup issues, support for buggy udevs
- 7 May 2014 – included .deb and .rpm files for Linux installation
- 29 Apr 2014 – added first part of Windows installation, added pics
- 22 Feb 2014 – Created
Contents
- Introduction
- Getting Started – Installation
- Security
- Theory of Operation
- Programming
- Purchase
- Licenses
- Downloads
- Links
- Credits
Introduction
Beta testers
Note to Linux beta testers if you got a beta unit prior to November 2014 your unit does not contain a signed firmware image – the software currently released on this page now checks the OneRNG’s firmware integrity before starting rngd – if your unit is working well there’s no real reason to update the software, if you’re having occasional reliability issues starting the unit then probably you should grab this new version of the support software, you can disable the firmware check by editing the configuration file /etc/onerng.conf
one
Goals
Simply:
- Cheap
- Reliable
- Open
- Hackable
Overview
Paranoia abounds! well maybe a bit – we are in a situation where we don’t trust our tools – especially our crypto tools – this project is an attempt to create a cheap open source entropy generator that’s open enough that one can verify and trust it.
We’ve based our design on an existing platform – our Cheap RF system – mostly because it’s cheap to build, we had existing hardware, and had just finished bringing up a USB stack for it
Our simple device is a USB stick, it is open source hardware, you can build your own, runs open source firmware – and you can physically open it to make sure that what’s inside is what you expect. With an external programmer you can also program it with your own firmware.
We generate ~350kbits per second of entropy packaged at ~7.8 bits/byte – if you use the entropy data at a lower it accumulates and we quickly approach 8 bits/byte.
Getting Started – Installation
Physical installation
First of all – have a look at the board, remove the ‘tin foil hat’ (a shield to keep the RF noise in and the external interference out) and make sure that the component layout looks like this:
In particular check that you have a CC2531 and that it is a 128k or 256k part – write that down somewhere
Stick it in any USB slot – the light should come on almost immediately – the light indicates that entropy is available in the device’s internal entropy pool – it will dim when entropy is being extracted. If you are using the RF noise source you may see it flicker periodically as the receiver shifts to a random channel. If it blinks in one or two 1 second blinks it indicates that the avalanche diode noise source is broken and the firmware has detected it is stuck at 0 or 1 – in this case data will not be entered into the entropy pool.
Linux Software Installation
Debian systems (Ubuntu, Mint, etc)
Remove the OneRNG from your system.
Start by installing rngd – use the command:
sudo apt-get install rng-tools at python-gnupg
Download the Debian package onerng_1-1_all.deb (md5: c98c66c23cf8deb0bf696d961483575f
sha256: bf77cf839d7cf162373f1161d0bb8f3dcae9d278c7d31f2034148a585a5db438).
Install it with:
sudo dpkg -i onerng_1-1_all.deb
Finish by plugging the OneRNG back into a USB slot.
You can remove the software with:
sudo dpkg -r onerng
RPM based systems (Redhat, etc)
Remove the OneRNG from your system.
Start by installing rngd – use the command:
sudo yum install rng-tools at python-gnupg
Download the rpm package onerng-1-1.fc20.noarch.rpm (md5: c12e0aca7f4501411170e530112f99f3
sha256: 1fbe45f8f1cc515553ab784c9bed2eca70e05cb1eb58c03de834ee7c9c42ff82).
For more detail: OneRNG Project Documentation