Do not use an online source of entropy!
If your system currently has insufficient entropy, then it will not be able to make a secure connection to random.org and any material you download from it will not be secret. Furthermore, you should not be using the blocking device anyway. It's perfectly fine to use /dev/urandom, no matter how low the entropy estimate is. If for whatever reason you are using a program that is foolishly using the blocking device, you can keep it topped off by installing haveged, a daemon that attempts to generate random data from memory latency. Please see https://www.2uo.de/myths-about-urandom for more.
If you still want to shoot yourself in the foot, then you can use an IOCTL on the random character device to adjust the entropy estimate. From random(4), the RNDADDENTROPY IOCTL is what you want:
    RNDADDENTROPY
        Add some additional entropy to the input pool, incrementing
        the entropy count. This differs from writing to /dev/random
        or /dev/urandom, which only adds some data but does not
        increment the entropy count. The following structure is used:

            struct rand_pool_info {
                int    entropy_count;
                int    buf_size;
                __u32  buf[0];
            };

        Here entropy_count is the value added to (or subtracted from)
        the entropy count, and buf is the buffer of size buf_size
        which gets added to the entropy pool.
This IOCTL requires the CAP_SYS_ADMIN capability to function.
Very related:
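The RNDADDENTROPY call quoted from random(4) above, as an added example that is not part of the original answer: it fills in rand_pool_info and refuses to credit more than 8 bits per supplied byte. The helper names make_pool_info and credit_entropy and the 4096-byte cap are assumptions made for this sketch, and the sample bytes are constructed and credited with 0 bits.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h>

/* Build the variable-length structure from random(4). entropy_count is in
 * bits, buf_size in bytes. Hypothetical helper; caller frees the result. */
struct rand_pool_info *make_pool_info(const void *data, size_t len, int bits)
{
    /* Never claim more entropy than the buffer could possibly hold. */
    if (len == 0 || len > 4096 || bits < 0 || (size_t)bits > len * 8)
        return NULL;
    size_t words = (len + 3) / 4;            /* buf is an array of __u32 */
    struct rand_pool_info *info = calloc(1, sizeof(*info) + words * 4);
    if (info == NULL)
        return NULL;
    info->entropy_count = bits;
    info->buf_size = (int)len;
    memcpy(info->buf, data, len);
    return info;
}

/* Returns 0 on success, otherwise an errno value
 * (EPERM when the process lacks CAP_SYS_ADMIN). */
int credit_entropy(const void *data, size_t len, int bits)
{
    struct rand_pool_info *info = make_pool_info(data, len, bits);
    if (info == NULL)
        return EINVAL;
    int rc = 0;
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) {
        rc = errno;
    } else {
        if (ioctl(fd, RNDADDENTROPY, info) < 0)
            rc = errno;
        close(fd);
    }
    free(info);
    return rc;
}

int main(void)
{
    /* Constructed sample input: not random, so it is credited 0 bits. */
    static const unsigned char sample[] = "constructed, not random";
    int rc = credit_entropy(sample, sizeof(sample) - 1, 0);
    printf("RNDADDENTROPY: %s\n", rc ? strerror(rc) : "ok");
    return rc != 0;
}
```

Run unprivileged, this reports "Operation not permitted", which is the CAP_SYS_ADMIN check described above.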