Announcement: PRNGD 0.9.0 available

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Fri Jan 19 05:39:22 EST 2001


Hi!

I have just made the 0.9.0 release of PRNGD available.

PRNGD is the Pseudo Random Number Generator Daemon.

It has an EGD compatible interface and is designed to provide entropy
on systems not having /dev/*random devices.
Software supporting EGD style entropy requests are openssh, Apache/mod_ssl,
Postfix/TLS... Automatic querying of EGD sockets at fixed locations has
been introduced in the development version of OpenSSL and will be included
in the 0.9.7 release. (Up to now, applications have to access an EGD like
software explicitly.)

This latest version of PRNGD now has its own PRNG built in, so that it does
not need installed OpenSSL libraries any longer (thus it does not make
problems when updating shared libraries).
It now provides the performance I want it to have, minus maybe some small
adjustments in usage or porting, and hence will lead to the 1.0.0 release.

Current (and new :-) users of PRNGD are encouraged to try the new version.
As always, your feedback (porting, bugs, design critics) is welcome.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Contents of 00README file:

Overview:
=========
- This is the PRNGD "Pseudo Random Number Generator Daemon".
  It offers an EGD compatible interface to obtain random data and is
  intented to be used as an entropy source to feed other software,
  especially software based on OpenSSL.
- Like EGD it calls system programs to collect entropy.
- Unlike EGD it does not generate a pool of random bits that can be
  called from other software.
  Rather more it feeds the bits gathered into its internal PRNG from which
  the "random bits" are obtained when requested. This way, PRNGD is
  never drained and can never block (unlike EGD), so it is also suitable
  to seed inetd-started programs.
  It also features a seed-save file, so that it is immediately usable
  after system start.

License:
========
- This software is free. You can do with it whatever you want.
  I would however kindly ask you to acknowledge the use of this
  package, if you are going use it in your software, which you might
  be going to distribute. I would also like to receive a note if you
  are a satisfied user :-)

Disclaimer:
===========
- This software is provided ``as is''. You are using it at your own risk.
  I will take no liability in any case.

Author:
=======
- Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>

Usage:
======
Usage of PRNGD is simple:

- Adjust the Makefile and config.h to fit your machine and compile "prngd".
  Install it at a place you like (e.g. /usr/local/sbin).
- Generate an /etc/prngd.conf file with commands to gather entropy. The
  format of the file is taken from the OpenSSH-portable package. See the
  included examples.
- Generate a start seed by some way. Use
    egc.pl /path/to/EGD read 255 > /etc/prngd-seed
  or cat some logfiles together
    cat /var/adm/syslog/mail.log /var/adm/syslog/syslog.log > /etc/prngd-seed
- Start prngd:
    /usr/local/sbin/prngd /var/run/egd-pool
  It might take a moment to read the initial seed, if you provided large
  files.
  Use egc.pl to check prngd really works:
    egc.pl /var/run/egd-pool get
  should yield the entropy in the PRNG pool as estimated by the PRNG.
  Obtain some random data for test
    egc.pl /var/run/egd-pool read 255
- You can shut down PRNGD cleanly (it will save actual random data back to
  the seed file) by sending it HUP or TERM.
    prngd --kill /var/run/egd-pool
  will send HUP for you.

egc.pl is part of the EGD package. You already have EGD, don't you??
Don't miss the original EGD!!!
  http://www.lothar.com/tech/crypto/

Porting:
========
- PRNGD has been developed on HP-UX 10.20 and (SuSE-)Linux. Support for
  other platforms has been provided by:
  Solaris 2.6: Louis LeBlanc <leblanc at mirror-image.com>
  Solaris 7: Phil Howard <phil-openssh-unix-dev at ipal.net>
  NeXTstep 3: Michael Weiser <michael at weiser.saale-net.de>
  IRIX 6.5: Michael Weiser <michael at weiser.saale-net.de>
  Tru64: James Bourne <jbourne at MtRoyal.AB.CA>
  Unixware 7: George Walsh <gjmwalsh at netscape.net> (not finished, yet, fails
  with "bind(): invalid argument"...)
- To port PRNGD to a new platform:
  * Check out the compiler and flags in Makefile
  * IMPORTANT: Adjust the path names in config.h, as these files are used to
    obtain seeding by size and modification/access times very frequently!!
  * Provide a prngd.conf file. The format is compatible to OpenSSH, so you
    can use a file created by the OpenSSH install process for you.
  * Send feedback to me, so that it can be added to the distribution :-)

Todo:
=====
- Too long to be listed :-)
- Engage "autoconf" to make this thing easier to port and configure.





More information about the openssh-unix-dev mailing list