Linux entropy interception
UNLICENSE License
This program intercepts a process' entropy-gathering system calls and serves those requests from a CSPRNG (ChaCha20) seeded from a user-supplied passphrase (via Argon2). In other words, you can force /dev/random, /dev/urandom, and getrandom(2) to produce deterministic output for a specific target process.
One primary use is to force key generation to derive from a passphrase, even for programs that do not support such a feature.
Requires x86-64 Linux.
Keyed runs the command that follows its own options, so it's as simple as prepending keyed before the command to be run.
$ keyed foobar --generate-key
In this example, foobar will hopefully have deterministic behavior. You are prompted for a passphrase before the target process is started.
The -h option prints a list of options.
Keyed uses ptrace(2) to monitor and intercept system calls made by the target program. It works at a lower level than LD_PRELOAD and will still work when the target doesn't link against libc (e.g. Go programs). However, it does make the target program run a little slower, much like using strace.
If the program opens /dev/random or /dev/urandom, all reads on that file descriptor are blocked and instead served by the monitor program from its CSPRNG. All getrandom(2) system calls are blocked and serviced the same way.
Since getpid(2) is so often used as an entropy source, even for cryptography, it can also optionally be intercepted (-p) to return a configurable PID.
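As an added illustration of the mechanism (this is example code, not keyed's own), the tracer below uses ptrace(2) on x86-64 to catch a child's getrandom(2) at syscall entry, cancel it by overwriting orig_rax with an invalid syscall number, and then, at syscall exit, poke deterministic bytes into the tracee's buffer and rewrite rax so the tracee sees a full success. The byte source is a splitmix64 stand-in for keyed's Argon2-seeded ChaCha20 stream (an assumption made so the example runs stand-alone; it is not a CSPRNG), the seed is a constructed constant, and the function and helper names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for keyed's passphrase-seeded ChaCha20 output. Assumption: a
 * splitmix64 byte generator; it is NOT a CSPRNG, only determinism matters here. */
struct stream { uint64_t state, out; int avail; };

static uint8_t stream_next(struct stream *s)
{
    if (s->avail == 0) {
        uint64_t z = (s->state += 0x9E3779B97F4A7C15ULL);
        z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
        z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
        s->out = z ^ (z >> 31); s->avail = 8;
    }
    uint8_t b = (uint8_t)s->out;
    s->out >>= 8; s->avail--;
    return b;
}

/* Write len bytes into the tracee at addr, one aligned 8-byte word at a time
 * (PEEKDATA first so the bytes outside the request are preserved). */
static int poke_bytes(pid_t pid, uint64_t addr, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len;) {
        uint64_t waddr = (addr + i) & ~(uint64_t)7;
        size_t off = (size_t)(addr + i - waddr), n = 8 - off;
        if (n > len - i) n = len - i;
        errno = 0; long word = ptrace(PTRACE_PEEKDATA, pid, (void *)waddr, NULL);
        if (word == -1 && errno) return -1;
        memcpy((uint8_t *)&word + off, src + i, n);
        if (ptrace(PTRACE_POKEDATA, pid, (void *)waddr, (void *)word) == -1) return -1;
        i += n;
    }
    return 0;
}

/* Tracee: request 16 bytes from getrandom(2) and report them over a pipe. */
static void child_main(int pipe_w)
{
    uint8_t buf[16] = {0};
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(2);
    raise(SIGSTOP);                                  /* let the tracer set options first */
    if (syscall(SYS_getrandom, buf, sizeof buf, 0) != (long)sizeof buf) _exit(3);
    if (write(pipe_w, buf, sizeof buf) != (ssize_t)sizeof buf) _exit(4);
    _exit(0);
}

/* Tracer: cancel each getrandom(2) the child makes and fill its buffer from the stream.
 * Returns 1 if the child saw the stream's first 16 bytes, 0 if not, negative on setup failure. */
int demo_getrandom_interception(void)
{
    int fds[2], status, entering = 0, served = 0;
    uint64_t req_addr = 0, req_len = 0;
    uint8_t got[16], want[16], chunk[64];
    struct stream s = { 0x6b657965642d646dULL, 0, 0 }, check = s;   /* constructed seed */
    for (size_t i = 0; i < sizeof want; i++) want[i] = stream_next(&check);
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) { close(fds[0]); child_main(fds[1]); }
    close(fds[1]);
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -2;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD); /* SIGTRAP|0x80 */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1 || waitpid(pid, &status, 0) == -1) return -2;
        if (WIFEXITED(status)) break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -2;
        entering = !entering;                        /* syscall stops alternate entry/exit */
        if (entering && regs.orig_rax == SYS_getrandom) {
            req_addr = regs.rdi; req_len = regs.rsi; /* getrandom(buf, buflen, flags) */
            regs.orig_rax = (unsigned long long)-1;  /* invalid number: kernel skips the call */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
        } else if (!entering && req_len) {
            for (uint64_t a = req_addr, end = req_addr + req_len; a < end; a += sizeof chunk) {
                size_t n = end - a < sizeof chunk ? (size_t)(end - a) : sizeof chunk;
                for (size_t i = 0; i < n; i++) chunk[i] = stream_next(&s);
                if (poke_bytes(pid, a, chunk, n) == -1) return -2;
            }
            regs.rax = req_len;                      /* turn -ENOSYS into "buflen bytes delivered" */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            req_len = 0; served++;
        }
    }
    if (WEXITSTATUS(status) != 0) return -10 - WEXITSTATUS(status);
    if (read(fds[0], got, sizeof got) != (ssize_t)sizeof got) return -3;
    return served == 1 && memcmp(got, want, sizeof got) == 0;
}
```

Running this only requires that a process be allowed to trace its own child, which the default Yama ptrace_scope of 1 permits. The same entry/exit bookkeeping is what keyed applies to read(2) on a descriptor it saw opened on /dev/random or /dev/urandom, and the getpid(2) option is the same trick with a single register rewrite and no buffer to fill.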
Unfortunately the technique used by Keyed does not work so well with many popular cryptographic programs, such as GnuPG, OpenSSL, and OpenSSH (e.g. ssh-keygen). These programs draw from many different entropy sources, including the current time. Unfortunately time-retrieval system calls, such as gettimeofday(2), are accessed via Linux's vDSO and are not real system calls, making them invisible to keyed.
A program could potentially access even more entropy sources not visible to ptrace(2), like ASLR and random stack gap.
fork(2), vfork(2), and clone(2).