Linux entropy pool / random number benchmark

To: debian-user@lists.debian.org
Subject: Linux entropy pool / random number benchmark
From: David Christensen <dpchrist@holgerdanske.com>
Date: Thu, 27 Nov 2014 15:01:43 -0800
Message-id: <[🔎] 5477AD57.8070404@holgerdanske.com>
In-reply-to: <54692C72.6000105@holgerdanske.com>
References: <54648868.4000208@youmail.dk> <1415980717.1295579.191055213.4309E380@webmail.messagingengine.com> <5466A803.4060201@holgerdanske.com> <5466A87F.6050609@holgerdanske.com> <1416125617.2475301.191525997.5177686E@webmail.messagingengine.com> <54692C72.6000105@holgerdanske.com>

debian-user:

I found some informative articles about Linux and the Intel Secure Keyprocessor feature:



https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl


http://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/

It appears that openssl gives you direct access to Secure Key, while theLinux kernel uses Secure Key to stir an entropy pool that is fed intoSHA-1 to produce random numbers. So, openssl and /dev/random shouldshow speed improvements on a processor with Secure Key, and /dev/urandomshould have better entropy.

Below please find a Perl script for benchmarking the Linux entropy pooland random numbers, and two sample runs on a Wheezy 7.7 i386 machinewith a Pentium 4 3.4E GHz HT processor (does not have Secure Key):

1. The first run was with an idling machine and a low entropy pool tobegin with.

2. The second run was started after rapidly typing random garbage intoanother terminal and continuing to type during the run.

Could somebody with a Secure Key processor please run the script andpost the results?



David


$ cat `which entropy-random-bench `
#!/usr/bin/perl

eval 'exec /usr/bin/perl  -S $0 ${1+"$@"}'
    if 0; # not running under some shell
# $Id: entropy-random-bench,v 1.7 2014/11/27 21:58:22 dpchrist Exp $
#######################################################################
# Argument defaults -- edit to suit:

my $entropy		= '/proc/sys/kernel/random/entropy_avail';
my $random		= '/dev/urandom';
my $duration		=   60.0;	# seconds
my $entropy_upper	= 4095;		# bits
my $entropy_lower	=    0;		# bits
my $nap_upper		=   10.0;	# seconds
my $nap_lower		=    1.0E-06;	# seconds
my $gain		=   10.0;	# seconds / bit

#######################################################################
# The rest of the script should not be edited:

use strict;
use warnings;

use Getopt::Long		qw(
				    :config
				    auto_help
				    auto_version
				);
use Pod::Usage;
use Time::HiRes		qw( sleep time );

$| = 1;

our $VERSION    = sprintf("%d.%03d", q$Revision: 1.7 $ =~ /(\d+)/g);
my $man;

GetOptions(
    "entropy=s"		=> \$entropy,
    "random=s"		=> \$random,
    "duration=f"	=> \$duration,
    "entropy-upper=f"	=> \$entropy_upper,
    "entropy-lower=f"	=> \$entropy_lower,
    "nap-upper=f"	=> \$nap_upper,
    "nap-lower=f"	=> \$nap_lower,
    "gain=f"		=> \$gain,
    "man"		=> \$man,
) or pod2usage(2);
pod2usage(-exitstatus => 0, -verbose => 2) if $man;

my $entropy_span	= $entropy_upper - $entropy_lower;
my $entropy_setpoint	= $entropy_upper / 2;
my $nap_span		= $nap_upper - $nap_lower;
my $nap_offset		= $nap_upper / 2;

my $err;
my $buf;
my $e1;
my $e2;
my $t1;
my $t2;
my $rate;
my $dt;
my $signal;
my $nap			= $nap_lower;
my $lastprint;

open(my $random_fh, $random) or die "error opening $random: $!";
$err = sysread($random_fh, $buf, 1);
die "error reading $random: $!" unless defined $err && $err;

### /proc/sys/kernel/random/entropy_avail is not world-readable, but
### 'cat' can read it (?)
$e1 = `cat $entropy`;
chomp $e1;

print "time (seconds)  entropy (bits)  random (bytes/second)\n",
      "==============  ==============  ======================\n";
my $begin = $lastprint = $t1 = time();
my $end = $begin + $duration;
do {
    sleep($nap);

    $err = sysread($random_fh, $buf, 1);
    die "error reading $random: $!" unless defined $err;

    $e2 = `cat $entropy`;
    chomp $e2;

    $t2 = time();
    $dt = $t2 - $t1;
    $rate = 1.0 / $dt;
    if ($dt && ($lastprint + 1 < $t2)) {
	$lastprint = $t2;
	printf "%14.06f  %14i  %22.6f\n",
	    $t2 - $begin,
	    $e2,
	    $rate;
    }
    $signal = ($e2 - $entropy_setpoint) / $entropy_span;
    $nap = -1.0 * $gain * $signal * $nap_span + $nap_offset;
    $nap = $nap_lower if $nap       < $nap_lower;
    $nap = $nap_upper if $nap_upper < $nap;
    $e1 = $e2;
    $t1 = $t2;
} while ($t2 < $end);
DONE:

__END__

=head1 NAME

entropy-random-bench - Linux entropy pool / random number benchmark

=head1 SYNOPSIS

 entropy-random-bench.pl [options]

  Options:
   --entropy			path to entropy availble file
   --random			path to random number file
   --duration			duration of benchmark
   --entropy-upper		upper range value of entropy available
   --entropy-lower		lower range value of entropy available
   --nap-upper			upper range value for sleep() calls
   --nap-lower			upper range value for sleep() calls
   --gain			timing loop proportional gain
   --man			print manual page and exit
   --help, -?			print usage message and exit

=head1 DESCRIPTION

Interactive benchmark for Linux entropy pool
and random number generator.

$Revision: 1.7 $

=head1 SEE ALSO

=head1 AUTHOR

David Paul Christensen, E<lt>dpchrist@holgerdanske.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright (C) 2014 by David Paul Christensen

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.14.2 or,
at your option, any later version of Perl 5 you may have available.

=cut

#######################################################################



$ entropy-random-bench    ### idle machine
time (seconds)  entropy (bits)  random (bytes/second)
==============  ==============  ======================
     10.003986             190                0.099976
     20.005911             159                0.099981
     30.007754             180                0.099982
     40.009608             144                0.099981
     50.011433             176                0.099982
     60.013297             142                0.099981



$ entropy-random-bench    ### typing random garbage in another terminal
time (seconds)  entropy (bits)  random (bytes/second)
==============  ==============  ======================
     10.003555            2255                0.099981
     13.066172            2182                0.326710
     14.783609            2213                0.582263
     17.803266            2195                0.485620
     19.203198            2162                0.714320
     21.409027            2198                0.453344
     22.735703            2163                0.753764
     24.917697            2217                0.458296
     29.719910            2248                0.253836
     32.861674            2249                0.329366
     36.003314            2242                0.326750
     39.169400            2253                0.343177
     43.820115            2293                0.215147
     45.954385            2212                0.468938
     49.291394            2211                0.425120
     50.300629            2154                0.990849
     52.701802            2223                0.416463
     57.431105            2269                0.249201
     60.151455            2239                0.367843

Reply to:

Follow-Ups:
- Re: Linux entropy pool / random number benchmark
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: Systemd debugging
Next by Date: Re: ntpd confusion
Previous by thread: _netdev with wpa_supplicant dependency doesn't work at shutdown
Next by thread: Re: Linux entropy pool / random number benchmark
Index(es):
- Date
- Thread