Best way to get proper random numbers?
Okay did an initial implementation using "rand()".
Found this article on the hardware random number generator.
I appreciate not all F5s are hardware these days.
Is there a sensible way to fetch a random number such that it will:
* Use the hardware random number generator if present.
* Fall back to "/dev/urandom" or similar (we hope virtualisation providers do something sensible for this on Linux/F5).
Another article suggests AES::key or CRYPTO::keygen - the documentation I found from CRYPTO::keygen is totally opaque as to what it does.
I assume AES::key is just returning a chunk of random data from a random number generator, possibly with some hashing or checking(?); again, details of what it is doing are not provided. Is this a cryptographically secure RNG, or is it going to have the same issues as "rand()"?
Not sure it strictly matters for this application, but wanted to know for the report that notes the numbers in the output are measurable pseudo-random.
Seems a very natural function to want on the F5 for lots of purposes, so somewhat surprised there isn't just a call to bring back 1 or more bytes of random from a proper source of randomness. Or did I miss something?
2 Replies
- bhs_114985
Historic F5 Account
Hi Simon,
Try this...this mines the entropy directly from tmm and works on VM as well.
echo -e "\x00\x00\x00\xFF" | nc 127.1.1.2 3 -u -w 1
Not exactly automated to fall back to different methods, but gives you the entropy you are looking for.
- Simon_Waters_13
Cirrostratus
That seems to be the same as the Hardware RNG link above. Have you checked that the numbers on the virtual machine are properly random (spectral analysis)? But yes, this needs to run in an iRule to generate tokens.
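The statistical check asked about in the last reply can be screened with a byte-frequency chi-square and a lag-1 correlation. This is an added example, not part of the thread and not F5 code; the LCG is a constructed stand-in for a non-cryptographic generator (not claimed to be what the iRule rand() does) and the thresholds are assumptions. It also shows that such a generator passes the screen, so passing says nothing about cryptographic strength.

```python
import math
import os

N = 65536  # sample size; expected count per byte value is N / 256 = 256

def chi_square_bytes(data: bytes) -> float:
    """Pearson chi-square of byte counts against uniform (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def serial_correlation(data: bytes) -> float:
    """Lag-1 correlation of successive bytes; close to 0 when they are independent."""
    xs, ys = data[:-1], data[1:]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = math.sqrt(sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys))
    return cov / var if var else 1.0

def looks_uniform(data: bytes) -> bool:
    """Coarse screen (assumed thresholds, roughly 5 sigma for N bytes)."""
    return abs(chi_square_bytes(data) - 255) < 120 and abs(serial_correlation(data)) < 0.03

def lcg_bytes(seed: int, n: int) -> bytes:
    """Constructed stand-in for a non-cryptographic PRNG: Park-Miller LCG, bits 16-23."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (x * 16807) % 2147483647
        out.append((x >> 16) & 0xFF)
    return bytes(out)

def modulo_biased(data: bytes, k: int = 250) -> bytes:
    """Constructed flaw: reducing a byte mod k over-represents 0..(255-k)."""
    return bytes(b % k for b in data)

if __name__ == "__main__":
    samples = {
        "os.urandom (kernel CSPRNG)": os.urandom(N),
        "LCG, seed 12345": lcg_bytes(12345, N),
        "LCG bytes reduced mod 250": modulo_biased(lcg_bytes(12345, N)),
    }
    for name, data in samples.items():
        print(f"{name:28} chi2={chi_square_bytes(data):8.1f} "
              f"corr={serial_correlation(data):+.4f} pass={looks_uniform(data)}")
    # The LCG passes, yet its whole stream is fixed by a 31-bit seed, so
    # passing this screen is not evidence of a cryptographically secure source.
```

To screen a capture from the appliance, pass its raw bytes (not a hex or text rendering of them) to looks_uniform().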