[PLUG] rngd

Carlos Konstanski ckonstanski at pippiandcarlos.com
Mon Sep 28 19:30:22 UTC 2009


On Mon, 28 Sep 2009, Eric Wilhelm wrote:

> Date: Mon, 28 Sep 2009 12:09:35 -0700
> From: Eric Wilhelm <enobacon at gmail.com>
> Reply-To: "General Linux/UNIX discussion and help;	civil and on-topic"
>     <plug at lists.pdxlinux.org>
> To: plug at lists.pdxlinux.org
> Subject: Re: [PLUG] rngd
> 
> # from Carlos Konstanski
> # on Sunday 27 September 2009 19:00:
>
>> rngd is helping, but even it seems to require some hardware signals to
>> produce entropy.
>
> What is currently feeding your /dev/hwrng?  Is the hw_random module
> loaded?  From my reading, rngd is only for bridging hw_random into
> the /dev/random, so you need to already have rng hardware on the
> machine.
>
>> This machine does not get any keyboard or mouse action
>
> The network card, disks, and other drivers also contribute entropy.
>
>> and it uses urandom to generate each new sessionid.  Without some
>> source of entropy, urandom would run dry.
>
> /dev/urandom won't ever run dry, though it will become somewhat weaker
> if it has used up all of the entropy.
>
> "The read-only file entropy_avail gives the available entropy. Normally,
> this will be 4096 (bits), a full entropy pool."
>
>  cat /proc/sys/kernel/random/entropy_avail
>
> "Normally" apparently occurs only inside a concrete box.  I think all of
> those ssh sessions are using my entropy... I've only got ~3600 bits.
>
> --Eric

I don't know if I buy the claim that /dev/urandom will never run dry.
It might not block if it does.  But there is only one entropy pool,
which is shared by /dev/urandom and /dev/random.  /dev/random will
block.  This means that using /dev/urandom to excess can cause
blocking indirectly via /dev/random.

If it's true that the network card, disks, and other drivers also
contribute entropy, then I should be OK.  There is certainly plenty of
network and disk activity on the server.

I've seen entropy values in the single digits before installing rngd.
I admit that the numbers increased substantially after installing
rngd.  But they did not increase to what I would call a comfort level.
It is probably safe to assume that there is enough hardware action
going on to keep rngd's head above water.  I'm just trying to make
absolutely sure.  I am looking for a new job, and will be moving far,
far away from this client.  If they should ever experience entropy
issues, they will not have anybody around who will be able to
troubleshoot it.  I want to leave them on solid ground.

So back to my question: any good random number generator cards for
headless servers?

Carlos
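A small POSIX shell script, added here as an illustration and not part of the thread, that does what Eric's one-liner does but over several readings: it reports the lowest entropy_avail value as a fraction of the 4096-bit full pool he quotes, and checks whether the hw_random core actually has a device registered, which is what rngd needs to bridge. The proc file is the one quoted above; the sysfs path /sys/class/misc/hw_random/rng_current and the "none" value are assumed from current kernels.

```shell
#!/bin/sh
# Added example (not from the thread): sample the kernel entropy pool on a
# headless box and report whether a hardware RNG is wired up, so readings can
# be compared before and after installing rngd.
# Assumptions: POOL_FILE is the procfs file quoted in the thread; HWRNG_DIR is
# the hw_random sysfs directory as found on current kernels (path assumed).
POOL_FILE=${POOL_FILE:-/proc/sys/kernel/random/entropy_avail}
HWRNG_DIR=${HWRNG_DIR:-/sys/class/misc/hw_random}
FULL_POOL=4096   # "a full entropy pool" per the text quoted above

# entropy_stats POOL SAMPLES INTERVAL -> "MIN MAX LAST PCT_OF_FULL"
# PCT is the lowest reading as a percentage of FULL_POOL, so the single-digit
# readings Carlos saw before rngd show up as 0.
entropy_stats() {
    pool=$1; samples=$2; interval=$3
    min=''; max=''; cur=''; i=0
    while [ "$i" -lt "$samples" ]; do
        read -r cur < "$pool" || return 1
        if [ -z "$min" ] || [ "$cur" -lt "$min" ]; then min=$cur; fi
        if [ -z "$max" ] || [ "$cur" -gt "$max" ]; then max=$cur; fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ] && [ "$interval" -gt 0 ]; then
            sleep "$interval"
        fi
    done
    echo "$min $max $cur $((min * 100 / FULL_POOL))"
}

# hwrng_status DIR -> "none" when no hw_random device is registered (or the
# sysfs directory is absent), otherwise the driver currently feeding /dev/hwrng.
hwrng_status() {
    dir=$1
    if [ ! -r "$dir/rng_current" ]; then
        echo none; return 0
    fi
    read -r drv < "$dir/rng_current" || drv=none
    case $drv in
        ''|none) echo none ;;
        *)       echo "$drv" ;;
    esac
}

# Stand-alone run on a live system: three readings one second apart, then
# the hardware check. Skipped when the proc file is not readable.
if [ -r "$POOL_FILE" ]; then
    echo "entropy pool (min max last pct-of-full): $(entropy_stats "$POOL_FILE" 3 1)"
    echo "hw_random current source: $(hwrng_status "$HWRNG_DIR")"
fi
```

If hwrng_status prints "none", rngd has nothing to bridge and any rise in entropy_avail is coming from the ordinary interrupt sources (disks, NIC), not from a hardware generator.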


