haveged - a simple entropy daemon

[lzsaver]

Web site:
issihosts.com/haveged

How to check that it's working:
watch cat /proc/sys/kernel/random/entropy_avail
This value should increase after starting the daemon.

[tinypoodle]

Are you sure you really need such and could not just use /dev/urandom which is non-blocking?

[lzsaver]

Yes, I'm sure. But I'm not sure what's the best entropy daemon:
audio-entropyd, clrngd, haveged, timer_entropyd, video_entropyd...

I think that Tiny Core need at least one of them.

Also some entropy test program like ent would be quite useful.

[bmarkus]

I think that Tiny Core need at least one of them.

Why?

[lzsaver]

Of course, for faster key generation in a low entropy environment.

[bmarkus]

Of course, for faster key generation in a low entropy environment.

Can you specifiy what do you mean low entropy environment, where kernels built-in generator is not satisfactory?

[gerald_clark]

Headless servers have no keyboard nor mouse.  These are the two biggest entropy generators.

[tinypoodle]

Still

faster key generation in a low entropy environment

is not specific enough to sufficiently justify the use of /dev/random over /dev/urandom.

Unsufficiently justified use of /dev/random could per se result in a lack of available entropy.

[bonatomar]

I would like to pick up this old thread and give some reasoning for creating an TCL extension for haveged.

I'm using Boot2Docker (http://boot2docker.io/) - which is based on TCL - for running Docker containers in development/testing. Starting up Java (server) applications in Docker containers on Boot2Docker constantly drains the entropy pool. Starting up the applications takes minutes rather than seconds, which is not acceptable in development/testing. Since I don't want (and often can't) modify the applications to use /dev/urandom I need some other means to prevent the entropy pool from bleeding out. An entropy gathering daemon like haveged seems to be a proper solution (see my question on http://stackoverflow.com/questions/26021181/not-enough-entropy-to-support-dev-random-in-docker-containers-running-in-boot2d for more information).

I would like to include a TCL for haveged into Boot2Docker, unfortunately I'm not very familiar with TCL and don't know how to build an extension my self. I would appreciate any help with building such an extension!

[bmarkus]

haveged.tcz added to 5.x/x86 repo.

[narco]

NOTA BENE: /dev/urandom will also greatly benefit from additional entropy (reflected in the quality of the generated bits -- entirely dependent on the quality of the entropy you are gathering). OpenSSL on the other hand won't benefit it seems: it will stretch its starting entropy apparently indefintely.

Please ignore the morons saying /dev/urandom is a good source of entropy for OTPs. Neither it nor /dev/random are a good idea for OTP. Actually, you don't know what you're doing and shield not use OTPs at all. Better to know you haven't got closely guarded secrets then to deceive yourself thinking you are so well protected.