WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: haveged - a simple entropy daemon  (Read 7820 times)

Offline lzsaver

  • Newbie
  • *
  • Posts: 3
haveged - a simple entropy daemon
« on: July 10, 2013, 06:32:37 AM »
Web site:
issihosts.com/haveged

How to check that it's working:
watch cat /proc/sys/kernel/random/entropy_avail
This value should increase after starting the daemon.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: haveged - a simple entropy daemon
« Reply #1 on: July 10, 2013, 11:40:04 AM »
Are you sure you really need such and could not just use /dev/urandom which is non-blocking?
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline lzsaver

  • Newbie
  • *
  • Posts: 3
Re: haveged - a simple entropy daemon
« Reply #2 on: July 10, 2013, 07:37:21 PM »
Yes, I'm sure. But I'm not sure what's the best entropy daemon:
audio-entropyd, clrngd, haveged, timer_entropyd, video_entropyd...

I think that Tiny Core need at least one of them. ::)

Also some entropy test program like ent would be quite useful.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: haveged - a simple entropy daemon
« Reply #3 on: July 10, 2013, 07:50:55 PM »

I think that Tiny Core need at least one of them. ::)


Why?
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline lzsaver

  • Newbie
  • *
  • Posts: 3
Re: haveged - a simple entropy daemon
« Reply #4 on: July 11, 2013, 07:07:45 PM »
Of course, for faster key generation in a low entropy environment. 8)

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: haveged - a simple entropy daemon
« Reply #5 on: July 12, 2013, 02:28:51 AM »
Of course, for faster key generation in a low entropy environment. 8)

Can you specifiy what do you mean low entropy environment, where kernels built-in generator is not satisfactory?
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: haveged - a simple entropy daemon
« Reply #6 on: July 12, 2013, 02:45:39 AM »
Headless servers have no keyboard nor mouse.  These are the two biggest entropy generators.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: haveged - a simple entropy daemon
« Reply #7 on: July 12, 2013, 02:57:05 AM »
Still
Quote
faster key generation in a low entropy environment
is not specific enough to sufficiently justify the use of /dev/random over /dev/urandom.

Unsufficiently justified use of /dev/random could per se result in a lack of available entropy.
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline bonatomar

  • Newbie
  • *
  • Posts: 1
Re: haveged - a simple entropy daemon
« Reply #8 on: September 25, 2014, 02:17:54 PM »
I would like to pick up this old thread and give some reasoning for creating an TCL extension for haveged.

I'm using Boot2Docker (http://boot2docker.io/) - which is based on TCL - for running Docker containers in development/testing. Starting up Java (server) applications in Docker containers on Boot2Docker constantly drains the entropy pool. Starting up the applications takes minutes rather than seconds, which is not acceptable in development/testing. Since I don't want (and often can't) modify the applications to use /dev/urandom I need some other means to prevent the entropy pool from bleeding out. An entropy gathering daemon like haveged seems to be a proper solution (see my question on http://stackoverflow.com/questions/26021181/not-enough-entropy-to-support-dev-random-in-docker-containers-running-in-boot2d for more information).

I would like to include a TCL for haveged into Boot2Docker, unfortunately I'm not very familiar with TCL and don't know how to build an extension my self. I would appreciate any help with building such an extension!

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: haveged - a simple entropy daemon
« Reply #9 on: September 25, 2014, 03:02:59 PM »
haveged.tcz added to 5.x/x86 repo.
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline narco

  • Newbie
  • *
  • Posts: 1
Re: haveged - a simple entropy daemon
« Reply #10 on: November 07, 2015, 07:17:12 PM »
NOTA BENE: /dev/urandom will also greatly benefit from additional entropy (reflected in the quality of the generated bits -- entirely dependent on the quality of the entropy you are gathering). OpenSSL on the other hand won't benefit it seems: it will stretch its starting entropy apparently indefintely.

Please ignore the morons saying /dev/urandom is a good source of entropy for OTPs. Neither it nor /dev/random are a good idea for OTP. Actually, you don't know what you're doing and shield not use OTPs at all. Better to know you haven't got closely guarded secrets then to deceive yourself thinking you are so well protected.