I am neither a cryptographer nor a security engineer, so when it came time to consider cryptographic best practices for my project I innocently searched for entropy test utilities. A few skimmed lists later, I had set my sites on one that I kept hearing good things about -- something called dieharder
.
Nakatomi Tower as a CLI? A Digital John McClane? I had to track it down and learn more.
DieHarder DOA?
DieHarder is a CLI entropy testing utility written by Robert G. Brown at Duke University. It implements several rigorous tests that can measure a system's performance calculating random data. To vastly oversimplify, it goes far beyond /dev/urandom
. "Perfect," I thought. "I'll just grab that and include it as a nice-to-have."
Unfortunately, when I followed the installation instructions the compilation failed. Trying to find a solution only pulled up threads dedicated to CentOS or Ubuntu that were years out of date. So, I decided to solve how to compile it on Alpine myself.
Sed to the Rescue
Luckily, the necessary changes are brief and can be made using the built-in stream editor sed
. The addition of a missing typedef
and a missing define
of a constant are all that it takes to make the compilation succeed; aside from renaming a required dependency.
Without further ado, here's how to install, patch, compile, and run this utility on Alpine!
#!/bin/sh
# Install static packages.
apk add \
apk-tools-static \
busybox-static
# Install packages needed to compile DieHarder.
apk.static -U add \
chrpath \
gsl \
gsl-dev \
haveged \
libtool \
make \
rng-tools \
rpm-dev \
build-base
# Create a valid build tree for RPM.
mkdir -pm 0700 \
~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
# Point to the 'rpmbuild' path in the macro file.
echo '%_topdir %(echo $HOME)/rpmbuild' >> ~/.rpmmacros
# Create a path of your choice to install into.
mkdir -pm 0700 /your/install/path
chown root:root /your/install/path
# Download the latest version of dieharder.
wget -c \
http://webhome.phy.duke.edu/~rgb/General/dieharder/dieharder.tgz -O - | \
tar -xz -C /your/install/path/
# Set current directory to the top level of the build
# extracted from the tarball.
cd /your/install/path/*
# Generate makefiles and compilation resources.
./autogen.sh
# ---- Patch dieharder.spec file.
# Patch line 16 to point to 'gsl-dev' package.
sed -i \
'16s/.*/chrpath gsl-dev/' \
./dieharder.spec
# Patch line 129 to prevent 'macro expanded' error.
sed -i '129s/.*/# /' ./dieharder.spec
# ---- Patch libdieharder.h file.
# Insert new line to define 'M_PI' constant.
sed -i \
'66i #define M_PI 3.14159265358979323846' \
./include/dieharder/libdieharder.h
# Insert new line to create 'uint' typedef.
sed -i \
'262i typedef unsigned int uint;' \
./include/dieharder/libdieharder.h
# Compile dieharder.
make install
# Run all tests in dieharder.
dieharder -a
This has been tested using dieharder 3.31.1
running on Alpine 3.12 Stable inside a HashiCorp Vault 1.5.4 image built with docker-compose
. Results may vary.
Hope this helps you in your cryptographic projects, and thanks for reading!
Top comments (0)