[CentOS] Low random entropy

Sun May 28 05:00:52 UTC 2017
Alice Wonder <alice at domblogger.net>

On 05/27/2017 08:32 PM, Robert Moskowitz wrote:
>
>
> On 05/26/2017 08:35 PM, Leon Fauster wrote:
>>> Am 27.05.2017 um 01:09 schrieb Robert Moskowitz <rgm at htt-consult.com>:
>>>
>>> I am use to low random entropy on my arm boards, not an intel.
>>>
>>> On my Lenovo x120e,
>>>
>>> cat /proc/sys/kernel/random/entropy_avail
>>>
>>> reports 3190 bits of entropy.
>>>
>>> On my armv7 with Centos7 I would get 130 unless I installed rng-tools
>>> and then I get ~1300.  SSH into one and it drops back to 30! for a
>>> few minutes.  Sigh.
>>>
>>> Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am
>>> seeing 180.
>>>
>>> I installed rng-tools and no change.  Does anyone here know how to
>>> improve the random entropy?
>>
>> http://issihosts.com/haveged/
>>
>> EPEL: yum install haveged
>
> WOW!!!
>
> installed, enabled, and started.
>
> Entropy jumped from ~130 bits to ~2000 bits
>
> thanks
>
> Note to anyone running a web server, or creating certs.  You need
> entropy.  Without it your keys are weak and attackable.  Probably even
> known already.
>

Indeed. Installing haveged is the first thing I do when setting up a new 
CentOS 7 machine.

Rebooting and verifying it starts on boot is the second.