Public bug reported:

[Availability]
rng-tools is in universe and builds on all architectures.

[Rationale]
ARM-based Snappy Ubuntu Core devices typically have a hardware number
generator exposed through /dev/hwrng. The rngd daemon, from rng-tools,
is needed to read from /dev/hwrng and prime /dev/random. This will allow
programs that use /dev/random to generate keys to quickly generate
strong keys without blocking on reads from /dev/random.

The rng-tools package should be part of the Snappy Ubuntu Core image to
aid in key generation. It may be desirable to include it in other
images (server, cloud, desktop) in the future.

The rngd daemon is also useful on most business-class laptops as well as
workstations and servers that have a TPM chip. The tpm-rng module can be
loaded at boot time, after manually updating /etc/modules, so that the
TPM's random number generator is used to back the /dev/hwrng device
file.

[Security]
rngd is a daemon running as root. The amount of code involved is very
small but there is a slight security concern. The Ubuntu Security team
will do an audit.

[Quality assurance]
rngd works out of the box when /dev/hwrng is backed by a hardware random
number generator. If /dev/hwrng is not backed by anything, rngd simply
exits.

There is a long-term outstanding bug (bug #571728) but I doubt that it
is still valid in newer releases and the reporter claims that it is
specific to his laptop model, as well. I'm in the process of
investigating this bug on my hardware.

rng-tools in Ubuntu has diverged from the rather old version in Debian.
We are currently in sync with the latest upstream version.

rng-tools has a diagnostic tool, rngtest, that can be used to run
through FIPS tests that "grade" the random data provided by /dev/hwrng.

[UI standards]
rng-tools is primarily a system-level daemon and provides no user-facing
surfaces.

[Dependencies]
All build and binary dependencies are already in main.

[Standards compliance]
I believe the package is in good shape in these regards.

[Maintenance]
rng-tools is very simple and the Ubuntu Security team will subscribe to
their bugs.

[Background information]
N/A

** Affects: rng-tools (Ubuntu)
     Importance: High
         Status: New

** Description changed:

** Description changed:
[Availability]
rng-tools is in universe and builds on all architectures.
[Rationale]
- Arm based Snappy Ubuntu Core devices typically have a hardware number
+ ARM based Snappy Ubuntu Core devices typically have a hardware number
generator exposed through /dev/hwrng. The rngd daemon, from rng-tools,
is needed to read from /dev/hwrng and prime /dev/random. This will allow
programs that use /dev/random to generate keys to quickly generate
strong keys without blocking on reads from /dev/random.
+
+ The rng-tools package should be part of the Snappy Ubuntu Core image to
+ aide in key generation. It may be desirable to include it in other
+ images (server, cloud, desktop) in the future.
The rngd daemon is also useful on most business-class laptops as well as
workstations and servers that have a TPM chip. The tpm-rng module can be
loaded at boot time, after manually updating /etc/modules, so that the
TPM's random number generator is used to back the /dev/hwrng device
file.
[Security]
rngd is a daemon running as root. The amount of code involved is very
small but there is a slight security concern. The Ubuntu Security team
will do an audit.
[Quality assurance]
rngd works out of the box when /dev/hwrng is backed by a hardware random
number generator. If /dev/hwrng is not backed by anything, rngd simply
exits.
There is a long-term outstanding bug (bug #571728) but I doubt that it
is still valid in newer releases and the reporter claims that it is
specific to his laptop model, as well. I'm in the process of
investigating this bug on my hardware.
rng-tools in Ubuntu has diverged from the rather old version in Debian.
We are currently in sync with the latest upstream version.
rng-tools has a diagnostic tool, rngtest, that can be used to run
through FIPS tests that "grade" the random date provided by /dev/hwrng.
[UI standards]
rng-tools is primarily a system level daemon and provides no user facing
surfaces.
[Dependencies]
All build and binary dependencies are already in main.
[Standards compliance]
I believe the package is in good shape in these regards.
[Maintenance]
rng-tools is very simple and the Ubuntu Security team will subscribe to
their bugs.
[Background information]
N/A
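Review bot: The paragraph added under [Rationale] says the package will "aide in key generation"; that should read "aid". In the unchanged [Quality assurance] lines, "random date provided by /dev/hwrng" should read "random data", and the unchanged [Security] text mentions "a slight security concern" for a root daemon without saying what the concern is, which the auditors would need spelled out in the description.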
--
https://bugs.launchpad.net/bugs/1564675
Title:
[MIR] rng-tools