[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Worry about entropy?

On Wed, Dec 3, 2014 at 2:38 PM, Aaron Toponce <aaron.toponce@gmail.com> wrote:
On Mon, Dec 01, 2014 at 04:48:36PM -0400, francis picabia wrote:
> I'm looking at DNSSEC implementation.  One guide
> points out haveged as a way to speed up performance
> of dnssec-keygen.  It certainly did.  I'm wondering if
> anyone has noticed performance improvement by running
> haveged on systems with certain applications.

Instead of trying to rely on /dev/random, use /dev/urandom. Haveged is
intetresting, but I think it might be a bit liberal on its entropy estimates.
At any event, it feeds data into the same CSPRNG that both /dev/random and
/dev/urandom read, so it's no more secure than just relying on /dev/urandom

> Commonly found advice on the net
> is to look at  /proc/sys/kernel/random/entropy_avail
> and it should be around 2000 or better.
> Another comment said that value is
> merely an estimate.  Checking some Redhat
> server systems I handle, I'm seeing values between
> 100 and 200 most often.  One Debian KVM system wildly
> varies from 2000 down to 150 within a few seconds,
> but it isn't doing any noticeable load.

Entropy is _always_ an estimate. It's an approximate measurement of the
unpredictability of the state of the system. In physics, it's an approximate
measurement of the unpredictability of the state of gas particles in a closed
system. Entropy isn't something you use.

> Has anyone experience with seeing significant
> performance boost, or at least avoiding timeouts
> when under load, related to keeping entropy fed
> some how?  I've already read the articles discussing
> use of /dev/random etc., but I'm talking about things
> I implement, not things I code.  I can imagine
> encrypted file system or owncloud and that
> sort of thing being aided, but could it also be
> important for SSL?

OpenSSL, OpenSSH (which uses OpenSSL for random number generation), OpenVPN
(which also uses OpenSSL), Kerberos (ditto), and even GnuPG (except for key
generation), all use /dev/urandom.

You should too.

The only thing you'll get out of /dev/random is frustration due to blocking,
because the entropy estimate of the system is low. Use /dev/urandom, and be
happy. And secure.

So it seems it is mainly the *-keygen type applications which rely
on /dev/random and the rest use urandom.  In this case,
there would be little benefit to running haveged all the time
if few daily processes use /dev/random.


Reply to: