{"id":1276,"date":"2018-04-16T22:32:11","date_gmt":"2018-04-16T20:32:11","guid":{"rendered":"https:\/\/13-37.org\/infinite-noise-trng\/faq\/"},"modified":"2019-02-21T13:24:57","modified_gmt":"2019-02-21T11:24:57","slug":"faq","status":"publish","type":"page","link":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/","title":{"rendered":"FAQ"},"content":{"rendered":"<h3>Driver<\/h3>\n<details>\n<summary>How to verify the package signature?<\/summary>\n<p>1. Get the key fingerprints<br \/>\nThe fingerprints of the code signing key used for all the packages and repositories can currently be found in four different locations:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.crowdsupply.com\/13-37\/infinite-noise-trng#software_1\" target=\"_blank\" rel=\"nofollow noopener\">Crowd Supply campaign<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/waywardgeek\/infnoise\/blob\/master\/software\/README\" target=\"_blank\" rel=\"noopener\">GitHub<\/a><\/li>\n<li><a href=\"https:\/\/13-37.org\/de\/keys\/\">13-37.org<\/a><\/li>\n<li>the user manual (link below)<\/li>\n<\/ul>\n<p>After you did this, continue with the installation as described on Linux packages for the Infinite Noise TRNG<\/p>\n<p>2. Download and verify the public key<\/p>\n<pre><code>$ wget -O 13-37.org-code.asc https:\/\/13-37.org\/files\/pubkey.gpg \r\n\r\nVerify the keys fingerprint:\r\n\r\n# GPG1\r\n$ gpg --with-fingerprints 13-37.org-code.asc\r\n# GPG2:\r\n$ gpg2 --import-options import-show --dry-run --import &lt; 13-37.org-code.asc<\/code><\/pre>\n<h5>3.1 Debian\/Ubuntu<\/h5>\n<p>Add the public key to apt&#8217;s keyring:<\/p>\n<pre><code>$ sudo apt-key add 13-37.org-code.gpg\r\n<\/code><code>\r\n<\/code>3.2 RPM<\/pre>\n<p>Import the public key to rpm&#8217;s keyring:<\/p>\n<pre><code>$ rpm --import 13-37.org-code.asc\r\n<\/code><\/pre>\n<h5>3.3 ArchLinux<\/h5>\n<p>TODO<\/p>\n<\/details>\n<details>\n<summary>How to compile the driver?<\/summary>\n<p>To compile the driver, you&#8217;ll need the\u00a0<strong>libftdi<\/strong>\u00a0development files installed. Usually called libftdi-dev &#8211; or also compile\u00a0it from\u00a0<a href=\"https:\/\/www.intra2net.com\/en\/developer\/libftdi\/download.php\" rel=\"nofollow\">source<\/a>.<\/p>\n<pre><code>$ git clone <a href=\"https:\/\/github.com\/13-37-org\/infnoise\/\">https:\/\/github.com\/13-37-org\/infnoise\/<\/a>\r\n$ cd infnoise\/software\r\n$ make\r\n$ make install\r\n<\/code><\/pre>\n<p>The init scripts and udev rule in software\/init_scripts are not installed this way. You can do it manually. Just follow the software&#8217;s README on github.<code><\/code><\/p>\n<\/details>\n<details>\n<summary>When running\u00a0infnoise, I get &#8222;USB read or write failed&#8220; after some seconds<\/summary>\n<p>Each instance of the driver uses the corresponding USB device exclusively, so its not possible to run the driver twice &#8211; and trying to do so will result in these error messages.<\/p>\n<p>Make sure you have stopped the Infinite Noise service, as it will try to restart &#8211; causing that error. If you&#8217;re using it behind an USB hub, try connecting it directly to your port. (Or try another USB port)<\/p>\n<pre><code># sudo service infnoise.service stop\r\n<\/code><\/pre>\n<p>Optionally, you can also mask the service so it also won&#8217;t be restarted if you plug in the device.<\/p>\n<pre><code># sudo systemctl mask infnoise.service\r\n<\/code><\/pre>\n<p>If all this doesn&#8217;t help, please <a href=\"https:\/\/13-37.org\/de\/kontakt\/\">contact us<\/a> as this may indicate a problem with the hardware.<\/p>\n<\/details>\n<details>\n<summary>Is it possible to use multiple devices in parallel?<\/summary>\n<p>Yes &#8211; we can! But only on Linux (so far).<\/p>\n<p>There are different scenarios in which this may be useful, as you can have only one session per device.<\/p>\n<p><strong>1. You want to use it in \/dev\/random mode and use the binary to play with random data at the same time<\/strong><\/p>\n<p>You could stop the service with\u00a0<code>service infnoise stop<\/code>\u00a0so you can execute\u00a0<code>infnoise<\/code>\u00a0without problems. Otherwise systemd will kick you out again (and you&#8217;ll se the error message\u00a0<code>USB read\/write failed<\/code>) as it tries to restart the driver.<\/p>\n<p>The supplied systemd unit file reads a configuration file in\u00a0<code>\/etc\/infnoise.conf<\/code>\u00a0where you can\u00a0<code>INFNOISE_SERIAL<\/code>according to the device to be used for \/dev\/random mode &#8211; and use further devices for whatever you want.<\/p>\n<p>If you don&#8217;t want it to start at all &#8211; just disable it with\u00a0<code>systemctl mask infnoise<\/code>.<\/p>\n<p><strong>2. You need more speed<\/strong><\/p>\n<p>When you have a custom application requiring huge amounts of random data, you can attach at least 10 devices in parallel &#8211; as I do for production testing (at a single USB hub!).<\/p>\n<p>Just be aware this may cause a lot of cpu load &#8211; especially when you want to combine it a huge whitening multiplier &#8211; and you&#8217;ll need to merge the data streams somehow (or use one device per thread?).<\/p>\n<p><em><strong>Note:<\/strong> Don&#8217;t use other devices on the same USB hub &#8211; and even better use a real port for each device, as timing issues may arise.<\/em><\/p>\n<\/details>\n<h3>How To Use<\/h3>\n<p>There are several different ways to consume the entropy.<\/p>\n<details>\n<summary>\/dev\/random (only works with GNU\/Linux)<\/summary>\n<p>Just let it feed \/dev\/random and feel a bit safer while accelerating your cryptographic operations when you do lots of them.<\/p>\n<p>This is the default mode of operation of the downloadable packages as feeding the kernel&#8217;s entropy pool is the simplest way to get entropy to where its needed.<\/p>\n<p>The systemd service used to start the driver\u00a0 configuration file \/etc\/infnoise.conf where you can change some parameters used in this mode of operation.<\/p>\n<p><em><strong>Note:<\/strong> Remember to stop the service before using the other ways described below.<\/em><\/p>\n<pre>$ sudo service infnoise stop<\/pre>\n<p>When you don&#8217;t want it to start when you plugin the device, you can disable it permanently with:<\/p>\n<pre><code>$ sudo systemctl mask infnoise.service<\/code><\/pre>\n<\/details>\n<details>\n<summary>Run it from the command line<\/summary>\n<p>Execute the binary and capture its\u00a0<code>stdout<\/code>\u00a0for further processing (Windows, MacOS and GNU\/Linux)<\/p>\n<p>You can simply run the\u00a0<code>infnoise<\/code>\u00a0command with its various parameters command after compiling it from source or installing the compiled and signed packages.<\/p>\n<p>Keep in mind you need to stop other instances running on the same device.<\/p>\n<\/details>\n<details>\n<summary>Integrate into your custom application<\/summary>\n<p>Call the binary within your custom application and capture stdout and optionally also stderr to use the data while monitoring the health monitor.<\/p>\n<p>There are some <a href=\"https:\/\/github.com\/13-37-org\/infnoise\/tree\/master\/software\/examples\">usage examples<\/a> for this on GitHub.<\/p>\n<p>There is also a shared C library (libinfnoise) to built upon. Examples are also on Github (see above).<\/p>\n<\/details>\n<h3>Hardware<\/h3>\n<details>\n<summary>Why is whitening not implemented in hardware?<\/summary>\n<p>The Infinite Noise does not have microcontroller capable of this. It uses an off-the-shelf usb chip to interface with your computer. This way there is no programmable logic in the signal path. See update #3 for details.<\/p>\n<p>Why this is an essential security feature? As the driver always sees the raw stream from the device, it is able to constantly verify the data is OK to use.<\/p>\n<\/details>\n<details>\n<summary>Why does it have no firmware?<\/summary>\n<p>By using an off-the-shelf usb chip there is no reprogrammable logic in the signal path. This is great as it reduces the attack vectors on the device dramatically.<\/p>\n<p>See updates #3 and #5 of the Crowd Supply campaign for more details.<\/p>\n<\/details>\n<details>\n<summary>How can it have a serial when there is no firmware?<\/summary>\n<p>The USB chip has no re-programmable logic, but still offers us access to an EEPROM to save application or USB specific data like the Vendor- and Product-ID\u2019s as well as an usually factory programmed serial number (i.e.\u00a0<code>DM00WOEF<\/code>)<\/p>\n<p>In the first place, I did not want to change the EEPROM settings at all and just use the \u201cunique\u201d serial numbers from FTDI. But as we\u2019ve been getting close to the 5000$ goal so fast, I continued working on the workflow to create the labels.<\/p>\n<p>It turned out to be very complicated to read-out the actual serial number and print (super-small) labels one by one. And I wasn\u2019t so sure about the uniqueness of FTDI\u2019s serial numbers. That&#8217;s why a new serial number is assigned from a database of pre-generated ones right after the final production test has passed. The dataset of the specific serial number is completed with the test results, a batch number, the \u201cunique\u201d FTDI serial and a timestamp.<\/p>\n<p>By integrating this into the automated workflow of device testing I just need to put the right label onto the device (and my script tells me which one goes where).<\/p>\n<\/details>\n<details>\n<summary>How can I restore its original serial<\/summary>\n<p>Yes you can! Using the FTDI FT_Prog utility for Windows this is pretty easy. There is also a command line tool\u00a0<code>ftdi_eeprom<\/code>\u00a0included in the fully\u00a0<strong>open-source<\/strong>\u00a0FTDI driver that I\u2019m using in the production workflow &#8211; buts its very low-level.<\/p>\n<p>Using the online <a href=\"\/?page_id=1074\">verification service<\/a>\u00a0you can download a generated config file to restore it&#8217;s original or its production serial, using the .CONF for the Linux tool or .XML for Windows\/FT_Prog.<\/p>\n<p>If you have removed the security label (or did not have one),\u00a0<strong>write down<\/strong>\u00a0your original serial number before you continue, otherwise you might loose it forever. There is no way for me to associate the serial numbers to purchases, so I won\u2019t be able to help you. Warranty claims are of course still possible, as long as you have the invoice\/order receipt.<\/p>\n<\/details>\n<h3>Modular Entropy Multiplication and SHA-3<\/h3>\n<p>Some important aspects of modular entropy multiplication and the Keccak SHA-3 sponge used for whitening.<\/p>\n<details>\n<summary>Why not use the raw output directly?<\/summary>\n<p>Of course you can access the raw output stream by using\u00a0<code>--raw<\/code>\u00a0&#8211; but has only 286.000 bits of entropy in 300.000 bits. Anyway its a very reliable source of true random numbers to feed into a hashing function (like SHA-3). If you want to feed it into a different whitening algorithm &#8211; using\u00a0<code>--raw<\/code>\u00a0is an option. When going this way its probably easier to integrate it in the existing open source driver (and share).<\/p>\n<\/details>\n<details>\n<summary>How does the output multiplier work?<\/summary>\n<p>Normally the driver reads as many bytes from the Keccak sponge as raw data was put in. As we read the full buffer of the USB chip at once, this is always\u00a064 bytes\/512 bits of entropy per round.<\/p>\n<p>Using the multiplier the data rate be extended to\u00a0<strong>256 * MULTIPLIER\u00a0<\/strong>bits with (almost) no degradation in entropy.<br \/>\nData is still read in chunks of 1024 bits between each permutation of the Keccak state, to not compromise the full internal state (which has 1600bit\/200 bytes). After 256*MULTIPLIER bits have been read, it is reseeded with 512 bits of raw entropy. The full Keccak state is never exposed, as this would allow attacks on it.<\/p>\n<\/details>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Driver How to verify the package signature? 1. Get the key fingerprints The fingerprints of the code signing key used for all the packages and repositories can currently be found in four different locations: Crowd Supply campaign GitHub 13-37.org the user manual (link below) After you did this, continue with the installation as described on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":1298,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"class_list":["post-1276","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FAQ &#8211; leetronics UG<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FAQ &#8211; leetronics UG\" \/>\n<meta property=\"og:description\" content=\"Driver How to verify the package signature? 1. Get the key fingerprints The fingerprints of the code signing key used for all the packages and repositories can currently be found in four different locations: Crowd Supply campaign GitHub 13-37.org the user manual (link below) After you did this, continue with the installation as described on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/\" \/>\n<meta property=\"og:site_name\" content=\"leetronics UG\" \/>\n<meta property=\"article:modified_time\" content=\"2019-02-21T11:24:57+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"8\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/faq\\\/\",\"url\":\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/faq\\\/\",\"name\":\"FAQ &#8211; leetronics UG\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#website\"},\"datePublished\":\"2018-04-16T20:32:11+00:00\",\"dateModified\":\"2019-02-21T11:24:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/faq\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/faq\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/faq\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/leetronics.de\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infinite Noise TRNG\",\"item\":\"https:\\\/\\\/leetronics.de\\\/de\\\/infinite-noise-trng\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FAQ\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/leetronics.de\\\/de\\\/\",\"name\":\"leetronics UG\",\"description\":\"just open source hardware\",\"publisher\":{\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/leetronics.de\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#organization\",\"name\":\"leetronics UG (haftungsbeschr\u00e4nkt)\",\"url\":\"https:\\\/\\\/leetronics.de\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/leetronics.de\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/FullColor_TransparentBg_450x186_72dpi.png\",\"contentUrl\":\"https:\\\/\\\/leetronics.de\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/FullColor_TransparentBg_450x186_72dpi.png\",\"width\":450,\"height\":186,\"caption\":\"leetronics UG (haftungsbeschr\u00e4nkt)\"},\"image\":{\"@id\":\"https:\\\/\\\/leetronics.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FAQ &#8211; leetronics UG","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/","og_locale":"de_DE","og_type":"article","og_title":"FAQ &#8211; leetronics UG","og_description":"Driver How to verify the package signature? 1. Get the key fingerprints The fingerprints of the code signing key used for all the packages and repositories can currently be found in four different locations: Crowd Supply campaign GitHub 13-37.org the user manual (link below) After you did this, continue with the installation as described on [&hellip;]","og_url":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/","og_site_name":"leetronics UG","article_modified_time":"2019-02-21T11:24:57+00:00","twitter_card":"summary_large_image","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"8\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/","url":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/","name":"FAQ &#8211; leetronics UG","isPartOf":{"@id":"https:\/\/leetronics.de\/de\/#website"},"datePublished":"2018-04-16T20:32:11+00:00","dateModified":"2019-02-21T11:24:57+00:00","breadcrumb":{"@id":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/faq\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/leetronics.de\/de\/"},{"@type":"ListItem","position":2,"name":"Infinite Noise TRNG","item":"https:\/\/leetronics.de\/de\/infinite-noise-trng\/"},{"@type":"ListItem","position":3,"name":"FAQ"}]},{"@type":"WebSite","@id":"https:\/\/leetronics.de\/de\/#website","url":"https:\/\/leetronics.de\/de\/","name":"leetronics UG","description":"just open source hardware","publisher":{"@id":"https:\/\/leetronics.de\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/leetronics.de\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/leetronics.de\/de\/#organization","name":"leetronics UG (haftungsbeschr\u00e4nkt)","url":"https:\/\/leetronics.de\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/leetronics.de\/de\/#\/schema\/logo\/image\/","url":"https:\/\/leetronics.de\/wp-content\/uploads\/2020\/03\/FullColor_TransparentBg_450x186_72dpi.png","contentUrl":"https:\/\/leetronics.de\/wp-content\/uploads\/2020\/03\/FullColor_TransparentBg_450x186_72dpi.png","width":450,"height":186,"caption":"leetronics UG (haftungsbeschr\u00e4nkt)"},"image":{"@id":"https:\/\/leetronics.de\/de\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/pages\/1276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/comments?post=1276"}],"version-history":[{"count":0,"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/pages\/1276\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/pages\/1298"}],"wp:attachment":[{"href":"https:\/\/leetronics.de\/de\/wp-json\/wp\/v2\/media?parent=1276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}