Are you entropy starved?

Entropy is the essence of randomness and one of the big building blocks of good security. There are lots of ways to generate it on a computer – for example, you may have used apps that ask you to wiggle your mouse cursor to make a private key.

The quantity and quality of entropy shouldn’t be taken lightly. On Linux, /dev/random and similar will “block” and produce nothing if the system is entropy starved, causing real performance issues. Alternative “non-blocking” approaches often source entropy from deterministic, pseudorandom algorithms, which drives security risks due to weak or repeated keys. And for virtual machines, pseudorandom and its limitations are a way of life, since VMs often don’t (or can’t) gather higher-quality entropy from more capable, less “predictable” hardware.

QuintessenceLabs’ new qRand is a daemon for Linux systems that’s configured to monitor requests for randomness. If entropy falls below a specified limit, qRand corrects this by delivering full-entropy random numbers directly from qStream, our quantum random number generator. This enables applications to generate and use high-quality cryptographic keys, for instance, with no changes needed of the application itself.

qStream is a quantum-powered module that uses quantum tunneling to sample the random movement of electrons across a diode, generating truly unpredictable strings of random numbers. Streaming at up to 1Gbit/s, it provides plenty of random for qRand to feed entropy-starved applications needing that randomness for encryption keys or indeed any other application.

The idea for qRand came while working with one of our partners, who had a large number of Linux systems — virtualized and otherwise — struggling to get entropy. Our team recognized the advantages of an entropy daemon for any organization with their own starvation problems, and out of that came today’s qRand offering.

qRand currently supports Ubuntu and RHEL Linux distributions, with support for more platforms planned for the future. For more information, please get in touch with a QuintessenceLabs representative.