/dev/random - EGD As An Alternative

EGD As An Alternative

A software program called EGD (entropy gathering daemon) is a common alternative for Unix systems that do not support the /dev/random device. It is a user space daemon which provides high quality cryptographic random data. Some cryptographic software, such as OpenSSL, GNU Privacy Guard, and the Apache HTTP Server, supports using EGD when a /dev/random device is not available.

EGD, or a compatible alternative such as prngd, gathers pseudo-random entropy from various sources, processes it to remove bias and improve cryptographic quality, and then makes it available over a Unix domain socket (with /dev/egd-pool being a common choice) or over a TCP socket. The entropy gathering usually entails periodically forking subprocesses to query attributes of the system that are likely to be frequently changing and unpredictable, such as CPU, I/O, and network usage, as well as the contents of various log files and temporary directories.

EGD communicates with other programs which need random data using a simple protocol. The client connects to an EGD socket and sends a command, identified by the value of the first octet:

  • command 0: query the amount of entropy currently available. The EGD daemon returns a 4-byte number in big endian format representing the number of random bytes that can currently be supplied without delay.
  • command 1: get random bytes, no blocking. The second byte in the request tells EGD how many random bytes of output it should return, from 1 to 255. If EGD does not have enough entropy to immediately satisfy the request, fewer bytes, or perhaps none, may be returned. The first octet of the reply indicates how many additional bytes, those containing the random data, immediately follow in the reply.
  • command 2: get random bytes, blocking. The second byte tells EGD how many random bytes of output it should return. If EGD does not have enough entropy, it will wait until it has gathered enough before responding. Unlike command 1, the reply starts immediately with the random bytes rather than a length octet, as the total length of returned data will not vary from the amount requested.
  • command 3: update entropy. This command allows the client to provide additional entropy to be added to EGD's internal pool. The next two bytes, interpreted as a 16-bit big endian integer, indicate how many bits of randomness the caller claims to be supplying. The fourth byte indicates how many additional bytes of source data follow in the request. The EGD daemon may mix in the received entropy and returns nothing back.
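The four-command exchange above, as an added example that is not code from EGD or prngd: a client encoder, a reply reader, and a toy daemon handler talking over a socket pair. The ToyPool (a SHA-256 state plus an entropy credit), the function names, and the sample payloads are all constructed for illustration; only the request and reply layouts follow the commands as described. The handler treats the claimed-bits field of command 3 as untrusted input and never credits more than the payload could carry, which is the check a daemon exposed to local clients wants.

```python
"""EGD-protocol round trip: example code, not EGD's own implementation."""
import hashlib
import socket
import struct
import threading

# Command octets as described in the protocol.
CMD_ENTROPY_AVAIL = 0   # reply: 4-byte big-endian count of bytes available now
CMD_READ_NONBLOCK = 1   # reply: length octet, then that many random bytes
CMD_READ_BLOCK = 2      # reply: exactly the requested bytes, no length prefix
CMD_ADD_ENTROPY = 3     # reply: nothing


class ToyPool:
    """Constructed stand-in for the daemon's pool (not EGD's real mixing code)."""

    def __init__(self) -> None:
        self._state = hashlib.sha256()
        self._credit = 0                       # bytes we are willing to hand out
        self._cv = threading.Condition()

    def available(self) -> int:
        with self._cv:
            return self._credit

    def add(self, data: bytes, claimed_bits: int) -> None:
        # Mix in everything, but cap the credit: the claimed bits are client input.
        credit = min(len(data), claimed_bits // 8)
        with self._cv:
            self._state.update(data)
            self._credit += credit
            self._cv.notify_all()

    def take(self, n: int, block: bool) -> bytes:
        with self._cv:
            if block:
                self._cv.wait_for(lambda: self._credit >= n)
            n = min(n, self._credit)
            out = b""
            while len(out) < n:                # ratchet the state per output block
                self._state.update(b"\x01")
                out += self._state.digest()
            self._credit -= n
            return out[:n]


def encode_request(cmd: int, want: int = 0, data: bytes = b"", claimed_bits: int = 0) -> bytes:
    """Client side: build the request bytes for each command."""
    if cmd in (CMD_READ_NONBLOCK, CMD_READ_BLOCK):
        if not 1 <= want <= 255:
            raise ValueError("request size must be 1..255")
        return bytes([cmd, want])
    if cmd == CMD_ADD_ENTROPY:
        if len(data) > 255:
            raise ValueError("at most 255 bytes of source data per request")
        return bytes([cmd]) + struct.pack(">H", claimed_bits) + bytes([len(data)]) + data
    return bytes([cmd])


def handle_request(pool: ToyPool, request: bytes) -> bytes:
    """Daemon side: parse one request and produce the reply bytes."""
    cmd = request[0]
    if cmd == CMD_ENTROPY_AVAIL:
        return struct.pack(">I", pool.available())
    if cmd == CMD_READ_NONBLOCK:
        data = pool.take(request[1], block=False)
        return bytes([len(data)]) + data
    if cmd == CMD_READ_BLOCK:
        return pool.take(request[1], block=True)
    if cmd == CMD_ADD_ENTROPY:
        claimed_bits = struct.unpack(">H", request[1:3])[0]
        n = request[3]
        payload = request[4:4 + n]
        if len(payload) != n:
            raise ValueError("truncated entropy payload")
        pool.add(payload, claimed_bits)
        return b""
    raise ValueError(f"unknown EGD command {cmd}")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("socket closed mid-reply")
        buf += chunk
    return buf


def read_reply(sock: socket.socket, cmd: int, want: int = 0) -> bytes:
    """Client side: reply framing depends on which command was sent."""
    if cmd == CMD_ENTROPY_AVAIL:
        return _recv_exact(sock, 4)
    if cmd == CMD_READ_NONBLOCK:
        return _recv_exact(sock, _recv_exact(sock, 1)[0])
    if cmd == CMD_READ_BLOCK:
        return _recv_exact(sock, want)
    return b""


def roundtrip(pool: ToyPool, cmd: int, want: int = 0, data: bytes = b"", claimed_bits: int = 0) -> bytes:
    """Send one request to a daemon thread over a socket pair and return the reply payload."""
    client, server = socket.socketpair()

    def serve() -> None:
        with server:
            server.sendall(handle_request(pool, server.recv(260)))   # max request is 4 + 255 bytes

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    with client:
        client.sendall(encode_request(cmd, want, data, claimed_bits))
        reply = read_reply(client, cmd, want)
    t.join()
    return reply


def demo() -> dict:
    """Constructed session: seed 16 bytes claiming 64 bits, then read both ways."""
    pool = ToyPool()
    roundtrip(pool, CMD_ADD_ENTROPY, data=bytes(range(16)), claimed_bits=64)   # credited 8 bytes
    avail = struct.unpack(">I", roundtrip(pool, CMD_ENTROPY_AVAIL))[0]         # 8
    short = roundtrip(pool, CMD_READ_NONBLOCK, want=32)                         # only 8 bytes come back
    result = {}
    waiter = threading.Thread(target=lambda: result.update(blocking=roundtrip(pool, CMD_READ_BLOCK, want=4)))
    waiter.start()                       # blocks until enough entropy is credited
    pool.add(b"\x00" * 4, 32)            # constructed top-up from the daemon side
    waiter.join()
    return {"available": avail, "nonblocking": short, "blocking": result["blocking"], "left": pool.available()}


if __name__ == "__main__":
    print(demo())
```

The reply reader is the part real clients get wrong: command 1 must be read as a length octet plus payload, command 2 as exactly the requested count, and command 3 produces no reply at all, so a client that always waits for a length byte will hang on command 2 and misread command 3.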
