Entropy is the essence of randomness and one of the big building blocks of good security. There are lots of ways to generate it on a computer – for example, you may have used apps that ask you to wiggle your mouse cursor to make a private key.
The quantity and quality of entropy shouldn’t be taken lightly. On Linux, /dev/random and similar interfaces will “block” and produce nothing if the system is entropy starved, causing real performance issues. Alternative “non-blocking” approaches often source entropy from deterministic, pseudorandom algorithms, which creates security risk through weak or repeated keys. And for virtual machines, pseudorandom output and its limitations are a way of life, since VMs often don’t (or can’t) gather higher-quality entropy from more capable, less “predictable” hardware.
QuintessenceLabs’ new qRand is a daemon for Linux systems that’s configured to monitor requests for randomness. If entropy falls below a specified limit, qRand corrects this by delivering full-entropy random numbers directly from qStream, our quantum random number generator. This enables applications to generate and use high-quality cryptographic keys, for instance, with no changes needed to the application itself.
qStream is a quantum-powered module that uses quantum tunneling to sample the random movement of electrons across a diode, generating truly unpredictable strings of random numbers. Streaming at up to 1Gbit/s, it provides plenty of randomness for qRand to feed entropy-starved applications, whether they need it for encryption keys or for any other purpose.
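The threshold-and-top-up pattern described above, as an added sketch that is not QuintessenceLabs’ code and does not describe qRand’s internals: it reads the kernel’s entropy estimate and builds the standard Linux RNDADDENTROPY request that entropy daemons such as rngd use to credit the pool. The function names and the LOW_WATERMARK value are assumptions made for illustration.

```python
import fcntl
import struct

RNDADDENTROPY = 0x40085203  # _IOW('R', 0x03, int[2]) from <linux/random.h>
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
LOW_WATERMARK = 1024        # bits; constructed value, tune per system

def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate in bits."""
    with open(path) as f:
        return int(f.read().strip())

def needs_topup(avail_bits, low_watermark=LOW_WATERMARK):
    """True when the estimate has fallen below the configured limit."""
    return avail_bits < low_watermark

def pack_rand_pool_info(seed, entropy_bits):
    """Build struct rand_pool_info {int entropy_count; int buf_size; u32 buf[];}."""
    if len(seed) % 4:
        raise ValueError("seed length must be a multiple of 4 bytes")
    if not 0 <= entropy_bits <= 8 * len(seed):
        # Over-crediting makes the kernel believe it has entropy it lacks.
        raise ValueError("cannot credit more bits than the seed holds")
    return struct.pack("ii", entropy_bits, len(seed)) + seed

def credit_entropy(seed, entropy_bits, dev="/dev/random"):
    """Mix seed into the pool and credit it. Requires CAP_SYS_ADMIN.

    Only credit bytes from a genuine hardware source; crediting
    predictable data is exactly the weak-key risk discussed above.
    """
    with open(dev, "wb") as f:
        fcntl.ioctl(f, RNDADDENTROPY, pack_rand_pool_info(seed, entropy_bits))

if __name__ == "__main__":
    avail = read_entropy_avail()
    state = "below" if needs_topup(avail) else "at or above"
    print(f"entropy_avail={avail} bits, {state} watermark {LOW_WATERMARK}")
    # A real daemon would now fetch hardware random bytes and call
    # credit_entropy(); this sketch deliberately stops at the check.
```

Recent kernels report a fixed entropy_avail once the pool is initialised, so the threshold check is most informative on older kernels and during early boot.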
The idea for qRand came while working with one of our partners, who had a large number of Linux systems — virtualized and otherwise — struggling to get entropy. Our team recognized the advantages of an entropy daemon for any organization with their own starvation problems, and out of that came today’s qRand offering.