[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Worry about entropy?

I'm looking at DNSSEC implementation.  One guide
points out haveged as a way to speed up performance
of dnssec-keygen.  It certainly did.  I'm wondering if
anyone has noticed performance improvement by running
haveged on systems with certain applications.

Commonly found advice on the net
is to look at  /proc/sys/kernel/random/entropy_avail
and it should be around 2000 or better.
Another comment said that value is
merely an estimate.  Checking some Redhat
server systems I handle, I'm seeing values between
100 and 200 most often.  One Debian KVM system wildly
varies from 2000 down to 150 within a few seconds,
but it isn't doing any noticeable load.

Has anyone experience with seeing significant
performance boost, or at least avoiding timeouts
when under load, related to keeping entropy fed
some how?  I've already read the articles discussing
use of /dev/random etc., but I'm talking about things
I implement, not things I code.  I can imagine
encrypted file system or owncloud and that
sort of thing being aided, but could it also be
important for SSL?

Reply to: