Re: Stretch => Buster: Entropy during boot

To: debian-user@lists.debian.org
Subject: Re: Stretch => Buster: Entropy during boot
From: Andy Smith <andy@strugglers.net>
Date: Fri, 16 Oct 2020 14:41:56 +0000
Message-id: <[🔎] 20201016144156.GE3103@bitfolk.com>
In-reply-to: <[🔎] ef27e700-dbd7-79df-1e58-316895c20fcf@dybdal.dk>
References: <[🔎] ef27e700-dbd7-79df-1e58-316895c20fcf@dybdal.dk>

Hi Jesper,

On Fri, Oct 16, 2020 at 12:28:13PM +0200, Jesper Dybdal wrote:
> I run a few Stretch systems on old processors that do not support the RDRAND
> instruction.
> 
> Can I simply install "haveged" on the Stretch systems *before* the upgrade
> to Buster to avoid problems during the upgrade?

In July last year I experimented with boot times on a virtual
machine while:

- running normally

- disallowing RDRAND for early entropy

- disallowing RDRAND entirely

The normal boot (RDRAND) took ~1 second; the "no RDRAND at all" boot
took ~49 seconds. Given that a virtual machine has no real hardware
to provide sources of entropy I would consider this to be near to a
worst case for SSH. If you have other boot-time services that
require entropy then they may take significantly longer.

So if it's mainly SSH you're worried about, I don't think this will
be the end of the world for you to just do it and see what happens.

    https://strugglers.net/~andy/blog/2019/07/11/experiments-with-rdrand-and-entropykey/

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- Stretch => Buster: Entropy during boot
  - From: Jesper Dybdal <jd-debian-user@dybdal.dk>

Prev by Date: Re: Stretch => Buster: AppArmor
Next by Date: Re: Stretch => Buster: AppArmor
Previous by thread: Re: Stretch => Buster: Entropy during boot
Next by thread: OpenSSl encrpt and decrypt a String
Index(es):
- Date
- Thread