audio-entropyd is a software tool that uses sound data from the soundcard to replenish and enhance the random number generator function in the Linux kernel. It is a lightweight solution for increasing system security and reliability.
The program also includes code to set all input gains to the maximum before audio reads, ensuring that as many bits are changing as possible. To safeguard against signals whose frequency is a multiple of the buffer size, audio-entropyd randomly delays reads by a few additional milliseconds.
However, it is essential to note that the default settings are intended for the author's configuration, and blindly adopting them could result in insecure seeding of the kernel random number generator. Therefore, to test the raw differenced output, it is advisable to make a dump of the raw and seed material without updating the kernel by running "audio-entropyd --no-update --wait 0 --raw-output /tmp/raw.out --seed-output /tmp/seed.out". After a few minutes, kill the program and analyze the data in the raw.out and seed.out files.
You can control how much data is collected during a read operation using the "--read-size" option, the seed size using "--seed-size", and how many bits of entropy to credit to the kernel RNG using "--credit". The default settings for reference are read-size: 65536 (bytes), seed-size: 60 (bytes), credit: 320 (bits).
The program has two constraints on these values: the read-size must be a power of two, and the seed-size must be a multiple of 20. Please report any issues or suggestions for improvement.
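As an added example (not part of audio-entropyd or its documentation), the following Python sketch is one way to analyze the raw.out and seed.out dumps described above against the read-size, seed-size and credit values in use. It assumes raw.out is the plain concatenation of raw reads and seed.out the plain concatenation of fixed-size seeds; the function names and the safety margin are hypothetical.

```python
import math
from collections import Counter

def check_sizes(read_size, seed_size):
    """Constraints from the text: read-size a power of two, seed-size a multiple of 20."""
    power_of_two = read_size > 0 and read_size & (read_size - 1) == 0
    return power_of_two and seed_size > 0 and seed_size % 20 == 0

def min_entropy_per_byte(data):
    """Most-common-value estimate, log2(1/p_max). It treats bytes as independent,
    so for correlated audio samples it is an optimistic upper bound."""
    if not data:
        return 0.0
    return math.log2(len(data) / max(Counter(data).values()))

def audit_dump(raw, read_size=65536, credit_bits=320, margin=2.0):
    """For each full read in the raw dump, return (index, estimated_bits, ok).
    ok is False when the estimate does not cover margin * credit_bits,
    e.g. a muted or unplugged input that yields near-constant samples."""
    results = []
    for start in range(0, len(raw) - read_size + 1, read_size):
        block = raw[start:start + read_size]
        bits = min_entropy_per_byte(block) * len(block)
        results.append((start // read_size, bits, bits >= margin * credit_bits))
    return results

def duplicate_seeds(seed_dump, seed_size=60):
    """Count repeated seeds; any repeat means identical material was produced twice."""
    seeds = [seed_dump[i:i + seed_size]
             for i in range(0, len(seed_dump) - seed_size + 1, seed_size)]
    return len(seeds) - len(set(seeds))

if __name__ == "__main__":
    # Constructed sample input, scaled down to 256-byte reads so it runs instantly:
    # one varied block followed by one silent block. For real data, read
    # /tmp/raw.out and /tmp/seed.out in binary mode and keep the defaults.
    raw = bytes(range(256)) + bytes(256)
    print(check_sizes(65536, 60))
    for index, bits, ok in audit_dump(raw, read_size=256):
        print(index, round(bits), "ok" if ok else "too little entropy for the credit")
    print(duplicate_seeds(b"A" * 60 + b"B" * 60 + b"A" * 60))
```

A block that passes this check is not thereby proven random; a block that fails it should not be credited at the configured rate.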
In version 0.0.4, the method for entropy gathering has undergone a massive rewrite, and the program no longer exits when random data is not random enough. Instead, it skips the data and continues when the data is random enough again. This version also includes patches by Udo van den Heuvel that make the program more intelligent about adding data to the entropy pool.
Version 1.0.1: N/A