Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients.
Entropy Broker allows you to distribute entropy data (random values) to the /dev/random devices of other systems (real servers or virtualised systems). The infrastructure prevents the /dev/random device from running empty, because that event causes programs waiting for random data to hang until new data has been collected. This is useful for systems that need to generate encryption keys, run VPN software or run a casino website, and for virtual systems that have no good sources of entropy, such as virtual servers (e.g. VMware, XEN and KVM (although KVM has the virtio_rnd driver)).
Entropy Broker is an infrastructure consisting of client-daemons that fill /dev/random and server-daemons that feed the central entropy broker-server. The server-daemons can gather random values by measuring timer frequency noise, analysing noise from an unused audio device, noise from a video source (webcam, TV card) and random values from a real hardware RNG (random number generator).
How it works
It uses the Blowfish encryption algorithm to stir the entropy data into the pools (4096 bits each). It has a configurable number of pools (default 14). To extract entropy data, it calculates a SHA512 hash of the pool, folds the hash in half and returns the folded half as output. After that the hash is used to permute the pool again. For each Blowfish invocation, the initialization vector is rotated by 1 bit; it is initialized with 64 bits taken from the local system PRNG. It uses this method to determine the number of bits of information in the data delivered by the entropy-gather-servers.
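The extraction step described above (hash the pool, fold the hash in half, hand out the folded half, then use the full hash to permute the pool) can be illustrated with a small simulation. The following is an added example and is not Entropy Broker's own code: the pool size and the SHA-512 hash follow the description, but the Blowfish stirring is replaced by a plain XOR at a rotating offset, "folding" is read in the conventional sense of XORing the two 64-byte digest halves together, and the seed and class name are constructed for the example. The point a reviewer would check is that the 32 bytes handed to a client never equal the 64-byte digest that was mixed back into the pool, so an observer of the output cannot reconstruct the value used to permute the state.

```python
import hashlib

POOL_BITS = 4096            # pool size stated in the description
POOL_BYTES = POOL_BITS // 8


class EntropyPool:
    """Simplified model of one entropy pool (added example, not the project's code)."""

    def __init__(self, seed: bytes):
        # Constructed seed stands in for the data that gather-servers would deliver.
        self.pool = bytearray(POOL_BYTES)
        self.offset = 0
        self.mix_in(seed)

    def mix_in(self, data: bytes) -> None:
        # Assumption: stirring is modelled as XOR at a rotating offset instead of
        # the Blowfish-based mixing the real implementation uses.
        for byte in data:
            self.pool[self.offset] ^= byte
            self.offset = (self.offset + 1) % POOL_BYTES

    def extract(self) -> bytes:
        # 1. Hash the entire pool state.
        digest = hashlib.sha512(bytes(self.pool)).digest()
        # 2. Fold the 64-byte digest in half: XOR the two 32-byte halves.
        half = len(digest) // 2
        folded = bytes(a ^ b for a, b in zip(digest[:half], digest[half:]))
        # 3. Permute the pool with the full digest before handing out the folded half,
        #    so the output alone does not reveal the value mixed back into the state.
        self.mix_in(digest)
        return folded


def output_reveals_digest(pool: EntropyPool) -> bool:
    """Return True if the bytes handed out ever coincide with the digest mixed into the pool."""
    digest = hashlib.sha512(bytes(pool.pool)).digest()
    out = pool.extract()
    return out == digest[:len(out)] or out == digest[len(out):]


if __name__ == "__main__":
    pool = EntropyPool(b"constructed-seed-for-the-example")
    print(pool.extract().hex())
    print(pool.extract().hex())   # differs: the pool was permuted in between
```

Running the block prints two different 32-byte hex strings from the same pool, which is the visible effect of step 3: every extraction changes the state that the next hash is computed over.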
What's New in This Release:
· added support for the EGD (entropy gathering daemon) Unix domain socket interface so that EntropyBroker can also retrieve entropy data from an EntropyKey