In article 792718e8-f403-1dea-367d-977b157af82c@htt-consult.com, Robert Moskowitz rgm@htt-consult.com wrote:
On 05/26/2017 08:35 PM, Leon Fauster wrote:
Am 27.05.2017 um 01:09 schrieb Robert Moskowitz rgm@htt-consult.com:
I am use to low random entropy on my arm boards, not an intel.
On my Lenovo x120e,
cat /proc/sys/kernel/random/entropy_avail
reports 3190 bits of entropy.
On my armv7 with Centos7 I would get 130 unless I installed rng-tools and then I get ~1300. SSH into one and it
drops back to 30! for a few minutes. Sigh.
Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180.
I installed rng-tools and no change. Does anyone here know how to improve the random entropy?
EPEL: yum install haveged
WOW!!!
installed, enabled, and started.
Entropy jumped from ~130 bits to ~2000 bits
thanks
Note to anyone running a web server, or creating certs. You need entropy. Without it your keys are weak and attackable. Probably even known already.
Interesting. I just did a quick check of the various servers I support, and have noticed that all the CentOS 5 and 6 systems report entropy in the low hundreds of bits, but all the CentOS 4 systems and the one old FC3 system all report over 3000 bits.
Since they were all pretty much stock installs, what difference between the versions might explain what I observed?
Cheers Tony