A userspace substitute for /dev/random, written in perl.
The Gnu Privacy Guard (GPG), along with many other encryption routines (pgp, ssh, even the sequence-number selection algorithm used by the kernel's TCP stack), use /dev/random to seed a secure random number generator. Encryption uses lots of random data, and hybrid public-key/symmetric-cipher encryption uses even more.
EGD is an Entropy Gathering Daemon meant to be used on systems that can run GPG but which don't have this convenient source of random bits. It is a regular user-space program that sits around, running programs like 'w' and 'last' and 'vmstat', collecting the randomness (or at least the unpredictability) inherent in the output of these system statistics programs when used on a reasonably busy system. It slowly stirs the output of these gathering programs into a pool of entropy, much like the Linux kernel device, and allows other programs to read out random bits from this pool.
EGD is meant to be used with GPG, but other programs can use it too. The current release of GPG has a module called randegd which knows how to speak the EGD protocol, allowing GPG to be used securely on non-Linux systems.
EGD is written in perl, which helps make it a lot more portable since perl runs on so many systems. It is designed to deal with a wide variety of possible entropy gatherers, discovering at runtime which ones are available and where they are located.
I'd love to get feedback on how it works on a wide variety of systems, especially those that I don't have access to.
For more information, visit the SourceForge project page. There you can file bugs and get the latest patches.
HOW TO USE EGD WITH GPG:
First, you'll need to configure GnuPG to use EGD for its random number needs. If you are compiling GPG, the easiest way to do this is at configure time. Add --enable-static-rnd=egd to the arguments you give to ./configure. If you have a pre-compiled version of GPG that wasn't configured this way, you should be able to use a loadable extension module to accomplish the same thing; try adding:
    load-extension rndegd
to your ~/.gnupg/options file, or use --load-extension=rndegd on the command line when you run GPG. Since a system that doesn't have /dev/random at compile time probably won't have it at runtime, configuring rndegd statically makes a lot more sense.
Second, you need to have the daemon running. EGD listens on a unix-domain socket for entropy requests. Unless you modify the path name in the GnuPG file "cipher/rndegd.c", GPG will look for this socket in your home directory, in ~/.gnupg/entropy (specifically it will look for "entropy" in the same directory that has your keyrings, the "--homedir"). So you need to tell EGD to listen there. Simply start the daemon as follows:
    egd.pl ~/.gnupg/entropy
If you've never run GPG before, you'll have to create your ~/.gnupg directory yourself, since gpg only creates it the first time it's run. The daemon automatically forks itself into the background. Wait a few minutes for it to collect some entropy. After that, GPG should run just like usual. If you encrypt or sign stuff too frequently, you may get messages telling you to wait as more entropy is gathered. Just give the daemon a few minutes to gather more entropy, and GPG will continue along.
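The pool mechanism described earlier (gatherer output stirred into a pool, bits read back out) and the "wait for more entropy" behaviour just mentioned, as an added illustration in Python rather than EGD's Perl; this is not EGD's own code. The SHA-256 stirring, the POOL_BITS cap, the 1-bit-per-8-bytes credit rate and the names EntropyPool, stir, read and gather are all assumptions made for the example, not EGD's real tuning.

```python
import hashlib
import subprocess

POOL_BITS = 4096  # constructed cap on credited entropy, not EGD's real pool size


class EntropyPool:
    """Toy EGD-style pool: gatherer output is hashed into a running state and a
    conservative entropy estimate is credited; reads that exceed the estimate
    are refused, which is what surfaces as GPG's "wait for entropy" message."""

    def __init__(self) -> None:
        self._state = hashlib.sha256(b"toy-egd-pool").digest()
        self._bits = 0     # entropy credited to the pool, in bits
        self._counter = 0  # output counter so successive reads differ

    def stir(self, gatherer: str, output: bytes, bytes_per_bit: int = 8) -> int:
        """Mix one gatherer's output in and credit len(output)//bytes_per_bit bits
        (1 bit per 8 bytes is a constructed placeholder rate, not EGD's tuning)."""
        h = hashlib.sha256(self._state)
        h.update(gatherer.encode() + b"\0")  # domain-separate per gatherer
        h.update(output)
        self._state = h.digest()
        self._bits = min(self._bits + len(output) // bytes_per_bit, POOL_BITS)
        return self._bits

    def available_bits(self) -> int:
        return self._bits

    def read(self, nbytes: int) -> "bytes | None":
        """Non-blocking read: None when fewer than nbytes*8 bits are credited."""
        need = nbytes * 8
        if need > self._bits:
            return None
        out = b""
        while len(out) < nbytes:
            self._counter += 1
            out += hashlib.sha256(self._state + self._counter.to_bytes(8, "big")).digest()
        # Ratchet the state so a later compromise cannot recover bytes already handed out.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        self._bits -= need
        return out[:nbytes]


def gather(pool: EntropyPool, argv: "list[str]") -> "int | None":
    """Run one gatherer such as ["w"] or ["vmstat"] and stir its output; None if absent."""
    try:
        output = subprocess.run(argv, capture_output=True, timeout=5).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return pool.stir(argv[0], output)
```

Calling gather() with ["w"], ["last"] and ["vmstat"] on a live system mirrors what the daemon does in its loop; a read() that returns None is the condition GPG reports as "wait for more entropy".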
Many Solaris systems have a misconfigured perl installation which causes a problem when trying to compile the SHA module included with EGD. See the FAQ for more details.
The SourceForge Project Page is the place to look for known bugs and to file new ones. There is also a FAQ available in the distribution tarball.
Use the discussion forums at SourceForge as a place to post questions and contact other EGD users.