[CentOS] Low random entropy
Alice Wonder
alice at domblogger.net
Sun May 28 05:00:52 UTC 2017
On 05/27/2017 08:32 PM, Robert Moskowitz wrote:
>
>
> On 05/26/2017 08:35 PM, Leon Fauster wrote:
>>> Am 27.05.2017 um 01:09 schrieb Robert Moskowitz <rgm at htt-consult.com>:
>>>
>>> I am use to low random entropy on my arm boards, not an intel.
>>>
>>> On my Lenovo x120e,
>>>
>>> cat /proc/sys/kernel/random/entropy_avail
>>>
>>> reports 3190 bits of entropy.
>>>
>>> On my armv7 with Centos7 I would get 130 unless I installed rng-tools
>>> and then I get ~1300. SSH into one and it drops back to 30! for a
>>> few minutes. Sigh.
>>>
>>> Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am
>>> seeing 180.
>>>
>>> I installed rng-tools and no change. Does anyone here know how to
>>> improve the random entropy?
>>
>> http://issihosts.com/haveged/
>>
>> EPEL: yum install haveged
>
> WOW!!!
>
> installed, enabled, and started.
>
> Entropy jumped from ~130 bits to ~2000 bits
>
> thanks
>
> Note to anyone running a web server, or creating certs. You need
> entropy. Without it your keys are weak and attackable. Probably even
> known already.
>
Indeed. Installing haveged is the first thing I do when setting up a new
CentOS 7 machine.
Rebooting and verifying it starts on boot is the second.
More information about the CentOS
mailing list