Using /dev/qrandom - a Quantum Random Number Generator on CentOS Linux
This tutorial is based on the original documentation by the creator of quantumrandom, Luke Macken.
The Australian National University (ANU) has been running a very interesting project for the last few years - a Quantum Random Number Generator (QRNG) Server, defined no better than their own project description:
This website offers true random numbers to anyone on the internet. The random numbers are generated in real-time in our lab by measuring the quantum fluctuations of the vacuum. The vacuum is described very differently in the quantum mechanical context than in the classical context. Traditionally, a vacuum is considered as a space that is empty of matter or photons. Quantum mechanically, however, that same space resembles a sea of virtual particles appearing and disappearing all the time. This result is due to the fact that the vacuum still possesses a zero-point energy. Consequently, the electromagnetic field of the vacuum exhibits random fluctuations in phase and amplitude at all frequencies. By carefully measuring these fluctuations, we are able to generate ultra-high bandwidth random numbers.
The ANU QRNG Server exposes this publicly over an API - with the help of the quantumrandom Python package, we can use this as the /dev/qrandom random device on Linux.
Even though the connection is made over TLS/SSL, the risks of using an external source as an RNG, over the internet, are another discussion; let's assume that this is just intended as a fun experiment (read: use at your own risk. Please do not use this in production, or in important/secure environments).
Using a Quantum Random Number Generator on CentOS Linux 7
As these packages are a little older, they'll only work on Python 2.
1. Install as many dependencies as we can with yum:
yum install python python-pip python-devel \
libattr-devel fuse fuse-devel gccxml \
kernel-{tools,libs,headers} subversion git rng-tools -y
2. Install more Python dependencies:
pip install svn+'http://svn.python.org/projects/ctypes/trunk/ctypeslib/#egg=ctypeslib-dev'
pip install git+https://github.com/piranna/cusepy.git
3. Install quantumrandom:
pip install quantumrandom
4. Load CUSE (Character device in Userspace, similar to FUSE):
modprobe cuse
5. Create a systemd service to start qrandom automatically:
# vim /etc/systemd/system/qrandom.service
[Unit]
Description=qrandom
[Service]
ExecStart=/usr/bin/qrandom-dev
PIDFile=/var/run/qrandom.pid
Type=simple
RemainAfterExit=yes
KillSignal=9
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable qrandom
systemctl start qrandom
You should now hopefully have a quantum random number generator available at /dev/qrandom! As you can see, we did not create any special permissions for /dev/qrandom, so this guide only works for the root user. You can add permissions where required to fit your scenario.
Testing /dev/qrandom
With rngtest from the rng-tools package (installed in step 1), we can run a FIPS 140-2 test for randomness:
cat /dev/qrandom | rngtest --blockcount=1000
...
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=27.418; avg=397.680; max=19531250.000)Kibits/s
rngtest: FIPS tests speed: (min=77.221; avg=180.006; max=205.091)Mibits/s
rngtest: Program run time: 49928560 microseconds
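What rngtest is checking in the output above, as an added example that is not part of the original tutorial or of rng-tools: a Python version of the per-block Monobit, Poker, Runs and Long run tests with the FIPS 140-2 (2001-10-10) thresholds (the Continuous run test is left out, and the bit order within a byte is an assumption). The inputs are constructed; the SHA-256 counter stream from a fixed seed shows that a fully predictable stream also passes, so a clean rngtest result rules out gross bias rather than proving unpredictability.

```python
import hashlib
from itertools import groupby

BLOCK_BYTES = 2500  # 20,000 bits per block, as in the FIPS 140-2 tests
# Allowed number of runs per run length (1-5, then 6 or longer), 2001-10-10 limits.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def fips_block(block):
    """Run four FIPS 140-2 statistical tests on one block; return {test: passed}."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly %d bytes" % BLOCK_BYTES)
    bits = "".join(format(b, "08b") for b in bytearray(block))  # MSB first (assumed)
    ones = bits.count("1")  # Monobit statistic
    # Poker: statistic over the frequencies of the 5000 four-bit values.
    freq = [0] * 16
    for i in range(0, len(bits), 4):
        freq[int(bits[i:i + 4], 2)] += 1
    poker = 16.0 / 5000 * sum(f * f for f in freq) - 5000
    # Runs: count runs of identical bits by length, separately for 0s and 1s.
    runs = {(bit, n): 0 for bit in "01" for n in RUN_LIMITS}
    longest = 0
    for bit, group in groupby(bits):
        length = len(list(group))
        longest = max(longest, length)
        runs[(bit, min(length, 6))] += 1
    runs_ok = all(RUN_LIMITS[n][0] <= count <= RUN_LIMITS[n][1]
                  for (_, n), count in runs.items())
    return {"monobit": 9725 < ones < 10275,
            "poker": 2.16 < poker < 46.17,
            "runs": runs_ok,
            "long_run": longest < 26}  # a run of 26 or more fails

def predictable_block(seed=b"constructed-seed"):
    """Constructed sample: SHA-256 in counter mode, fully determined by a known seed."""
    out, counter = b"", 0
    while len(out) < BLOCK_BYTES:
        out += hashlib.sha256(seed + str(counter).encode()).digest()
        counter += 1
    return out[:BLOCK_BYTES]

if __name__ == "__main__":
    samples = [("all zero bytes", b"\x00" * BLOCK_BYTES),
               ("alternating bits", b"\x55" * BLOCK_BYTES),
               ("seeded SHA-256 stream", predictable_block())]
    for name, data in samples:
        print("%-22s %s" % (name, fips_block(data)))
```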
Using /dev/qrandom as a source of entropy for /dev/random
Instead of using /dev/qrandom just for random numbers, we can also use it to add entropy to the Linux RNG, /dev/random:
rngd --rng-device=/dev/qrandom --random-device=/dev/random --timeout=5 --foreground
To monitor how much entropy is available, we can use watch:
watch -n 1 -td 'cat /proc/sys/kernel/random/entropy_avail'
If you want to use this permanently, you can create an rngd service with the above command, but with --background instead of --foreground; you can base it off the same qrandom systemd service as created earlier.
Special Thanks
Thanks to the smart folks at ANU for making this available to the internet, and thank you to the maker of quantumrandom.