OneRNG Hardware Random Number Generator

I’ve wanted a hardware random number generator since I read about them in a tutorial for setting up a GnuPG Smart Card but the one they used wasn’t being manufactured anymore. Enter the OneRNG.

I started my search for another one and came across the OneRNG. At the time of purchase, I paid ($40) and waited for it to arrive. I ended up waiting a couple of weeks since it shipped from China.

Once it arrived I installed the software and tested it out.

Inspecting the OneRNG

One of the ‘features’ of this device is that it’s completely open. Open meaning open source software and hardware. You can physically inspect every aspect. They have images and schematics you can compare your device with to ensure that your device hasn’t been tampered with in transit. I looked mine over and took some pictures.

OneRNG Top View

Top view

Take the ‘tin foil hat’ off and it reveals the components:

OneRNG Top View (Lid Off)

Top view – lid off

The back of the device is pretty boring, but you can see the traces.

OneRNG Back View

Back view

Setting up the OneRNG

It doesn’t take much to get going with the OneRNG. A few packages and you’re ready to create oodles of random data.

Installing software

In order for this thing to work properly, we need to install some packages on our host system.

[user@mainpc:~]$ sudo apt install at openssl python-gnupg rng-tools

Finally, download the host software from their site, verify, then install it:

[user@mainpc:Downloads]$ wget -O onerng.deb 'https://github.com/OneRNG/onerng.github.io/blob/master/sw/onerng_3.6-1_all.deb?raw=true'

[user@mainpc:Downloads]$ sha256sum onerng.deb
a9ccf7b04ee317dbfc91518542301e2d60ebe205d38e80563f29aac7cd845ccb onerng.deb

[user@mainpc:Downloads]$ sudo dpkg -i onerng.deb

You can and should verify what I typed here at the Official Site:
http://onerng.info/onerng/


System Info

Here’s the output of a few commands to show what the output is whenever the device is installed.

Package

Let’s check to make sure the host software was installed properly.

The two i‘s (ii) at the beginning of the output stands for:

  • desired = installed
  • status = installed
  • error = none
[user@mainpc:~]$ sudo dpkg --list onerng | tail --lines 1
ii onerng 3.6-1 all Driver for the OneRNG open source hardware entropy generator
dmesg

Now we can check to see if the system recognizes it and what tty it’s assigned to.

[user@mainpc:~]$ sudo dmesg | grep usb
 
[    1.887348] usb 2-8: new full-speed USB device number 5 using xhci_hcd
[    2.030122] usb 2-8: New USB device found, idVendor=1d50, idProduct=6086
[    2.030124] usb 2-8: New USB device strings: Mfr=1, Product=3,
SerialNumber=3
[    2.030125] usb 2-8: Product: 00
[    2.030126] usb 2-8: Manufacturer: Moonbase Otago
http://www.moonbaseotago.com​/random
[    2.030126] usb 2-8: SerialNumber: 00

[user@mainpc:~]$ sudo dmesg | grep ttyACM
[   20.423233] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
[  105.404973] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
lsmod

Checking that the system modules are in use

[user@mainpc:~]$ lsmod | grep cdc_acm
cdc_acm                28672  2
usbcore               253952  7 usbhid,ehci_hcd,cdc_acm,usblp,xhci_pci,xhci_hcd,ehci_pci
lsusb

Gather all the info about the device plugged in to the USB port.

[user@mainpc:~]$ sudo lsusb -v
 
Bus 002 Device 005: ID 1d50:6086 OpenMoko, Inc.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            2 Communications
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        32
  idVendor           0x1d50 OpenMoko, Inc.
  idProduct          0x6086
  bcdDevice            0.09
  iManufacturer           1 Moonbase Otago http://www.moonbaseotago.com​/random
  iProduct                3 00
  iSerial                 3 00
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           67
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              200mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              0
      CDC Header:
        bcdCDC               1.10
      CDC ACM:
        bmCapabilities       0x06
          sends break
          line coding and serial state
      CDC Union:
        bMasterInterface        0
        bSlaveInterface         1
      CDC Call Management:
        bmCapabilities       0x00
        bDataInterface          1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval              64
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      0
      iInterface              4 Random
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x85  EP 5 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x05  EP 5 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
Device Status:     0x0000
  (Bus Powered)
Process Status

Confirm the rngd service is running.

[user@mainpc:~]$ sudo ps aux | grep rngd
root      7144  0.0  0.0  30960   748 ?        SNLl 11:39   0:00 rngd -f --rng-entropy=.93750 -r /dev/stdin

[user@mainpc:~]$ sudo pgrep -a rngd 
7144 rngd -f --rng-entropy=.93750 -r /dev/stdin

The output of -r /dev/stdin is indicative that you are using openssl for extra whitening (the default). It can be changed in /etc/onerng.conf.

ttyACM0

Info about the tty device

[user@mainpc:~]$ stat /dev/ttyACM0 
  File: /dev/ttyACM0
  Size: 0         	Blocks: 0          IO Block: 4096   character special file
Device: 6h/6d	Inode: 35324       Links: 1     Device type: a6,0
Access: (0600/crw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-09-23 12:10:35.523596786 -0400
Modify: 2018-09-23 11:39:21.523596786 -0400
Change: 2018-09-23 11:39:16.523596786 -0400
 Birth: -
/var/log/messages

Check the log files for information

[user@mainpc:log]$ sudo grep OneRNG /var/log/messages
Aug 30 17:33:45 mainpc OneRNG: firmware verification passed OK - version=3

[user@mainpc:log]$ sudo grep ttyACM /var/log/messages
Aug 30 17:31:43 gaming kernel: [ 5810.258554] cdc_acm 2-8:1.0: ttyACM0: USB ACM device

Testing the OneRNG

We can run it through a series of tests to verify it’s working.

There is a visual indication to verify it’s operation as well. When you use it, for instance by running cat /dev/random > /dev/null, the led light will dim on the device. Once you stop it by pressing <Ctrl>+C, it will go back to full brightness.

Create a 10M file

We’ll use dd to create a 10M file of random data. I’ll time it and see how long it takes for each. I ran 3 instances:

  • /dev/random – OneRNG used through /dev/random
  • /dev/ttyACM0 – Using the device directly
  • /dev/urandom – Not using the OneRNG at all
# OneRNG using /dev/random
[user@mainpc:~]$ time dd if=/dev/random of=random.img iflag=fullblock bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 595.879 s, 17.6 kB/s

real 9m55.880s
user 0m0.028s
sys 0m4.308s

# OneRNG using /dev/ttyACM0
[user@mainpc:~]$ time sudo dd if=/dev/ttyACM0 of=tty.img iflag=fullblock bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 182.066 s, 57.6 kB/s

real	3m2.079s
user	0m0.092s
sys	0m1.016s

# Just using /dev/urandom
[user@mainpc:~]$ time dd if=/dev/urandom of=urandom.img iflag=fullblock bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.05296 s, 198 MB/s

real 0m0.056s
user 0m0.000s
sys 0m0.056s

ent

I passed the outputted files through ent – a pseudorandom number sequence test.

[user@mainpc:~]$ ent random.img 
Entropy = 7.999981 bits per byte.

Optimum compression would reduce the size
of this 10485760 byte file by 0 percent.

Chi square distribution for 10485760 samples is 280.27, and randomly
would exceed this value 13.28 percent of the times.

Arithmetic mean value of data bytes is 127.4895 (127.5 = random).
Monte Carlo value for Pi is 3.142349679 (error 0.02 percent).
Serial correlation coefficient is 0.000131 (totally uncorrelated = 0.0).

[user@mainpc:~]$ ent tty.img 
Entropy = 7.999983 bits per byte.

Optimum compression would reduce the size
of this 10485760 byte file by 0 percent.

Chi square distribution for 10485760 samples is 249.34, and randomly
would exceed this value 58.83 percent of the times.

Arithmetic mean value of data bytes is 127.4574 (127.5 = random).
Monte Carlo value for Pi is 3.142624337 (error 0.03 percent).
Serial correlation coefficient is 0.000404 (totally uncorrelated = 0.0).

[user@mainpc:~]$ ent urandom.img 
Entropy = 7.999983 bits per byte.

Optimum compression would reduce the size
of this 10485760 byte file by 0 percent.

Chi square distribution for 10485760 samples is 249.17, and randomly
would exceed this value 59.11 percent of the times.

Arithmetic mean value of data bytes is 127.4838 (127.5 = random).
Monte Carlo value for Pi is 3.144704874 (error 0.10 percent).
Serial correlation coefficient is 0.000213 (totally uncorrelated = 0.0).

rngtest

Lastly, I ran the output through rngtest for 1000 passes and copied the output.

[user@mainpc:~]$ rngtest -c 1000 </dev/random
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=68.024; avg=137.971; max=26609.332)Kibits/s
rngtest: FIPS tests speed: (min=19.868; avg=74.944; max=105.378)Mibits/s
rngtest: Program run time: 141815448 microseconds

[user@mainpc:~]$ rngtest -c 1000 </dev/urandom
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=866.977; avg=1898.615; max=2119.276)Mibits/s
rngtest: FIPS tests speed: (min=37.108; avg=102.402; max=106.556)Mibits/s
rngtest: Program run time: 196428 microseconds

Configuration and Log Files

There are a couple of files that could possibly be of interest to you:

  • /etc/default/rng-tools – settings for rng-tools
  • /etc/onerng.conf – configuration file for the device itself
  • /sbin/onerng.sh – the main script
  • /var/log/messages – where the log messages are sent

What does all this mean?

I don’t know!

Not sure what I will be able to use this for, but it’s pretty nifty to have around.

What do you use yours for?

Helpful Links

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.