View previous topic :: View next topic |
Author |
Message |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 465
|
Posted: Sat Sep 07, 2013 1:36 pm Post subject: not enough entropy - using clrngd, timer, audio-entropyd |
|
|
Hi all,
I am using clrngd, timer_entropyd, and audio-entropyd to generate entropy for my router which has hostapd to serve wireless. Even with the 2 services generating / harvesting entropy, my entropy is very low (ie. < 200). I'm not doing anything excessive on wireless that would drain the entropy that quickly, so I would think that with both of those services running, I should have more than sufficient entropy.
When I was using haveged on my Arch box, I had sufficient entropy (>= 3000). Haveged depends on a version of openrc I am not running, what other options do I have or are my services perhaps mis-configured?
Thanks,
Walter |
|
Back to top |
|
|
swanson Tux's lil' helper
Joined: 04 Jun 2004 Posts: 147 Location: Edinburgh, Scotland
|
Posted: Mon Sep 09, 2013 3:20 pm Post subject: |
|
|
I'd check your routers /proc/sys/kernel/random/write_wakeup_threshold value as it defines the number of bits of entropy below which the kernel will wake up processes that do a select() or poll() for write access to /dev/random, i.e. add to entropy. Normally, write_wakeup_threshold is 128 so I'd set it in /etc/sysctl.conf to a higher value such as;
kernel.random.write_wakeup_threshold setting = 3072
I'm not a fan of timer based entropy generators as they use up CPU and are not really that random while audio_entropyd needs noise but which in a quiet room... I'm fortunate enough to have an Entropy Key serving real random entropy to my computers otherwise I'd use video-entropyd with an old analog TV card not tuned to any channel for that old black and white static as it were. _________________ Alan. |
|
Back to top |
|
|
Logicien Veteran
Joined: 16 Sep 2005 Posts: 1555 Location: Montréal
|
Posted: Mon Sep 09, 2013 9:06 pm Post subject: |
|
|
Hi,
I had the same problem with Hostapd who was saying it lack of entropy at boot. I tried clrngd daemon, Hostapd stop to complain, but clrngd make the CPU load and temperature become very high. So I change to audio-entropyd who do the job with little CPU use.
Note that I put audio-entropyd in the boot level and hostapd in the default level to be sure that audio-entropyd start before hostapd.
I note your kernel configuration setup swanson. It look to be an interesting alternative to entropy daemons. This Linux kernel is doing a lot of things.
_________________ Paul |
|
Back to top |
|
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 465
|
Posted: Tue Sep 10, 2013 12:46 am Post subject: |
|
|
Hi guys,
Thanks for the feedback. I noticed the same thing with clrng that it only seems to make the CPU skyrocket when it generates entropy every 4 minutes. That is a good point about the wakeup_threshold. I'll give that a try as well.
The odd thing is that with all those entropy daemons running, I still don't have that much entropy. I do indeed have audio-entropyd running, but my it only appears to run on the device detected as the microphone and I don't have a mic plugged in. I'll have to do more reading about audio-entropyd, hopefully that will provide sufficient entropy.
Walter |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Tue Sep 10, 2013 8:23 am Post subject: |
|
|
AFAIK there's a rng-tools package - could you use that too ? |
|
Back to top |
|
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 465
|
Posted: Tue Sep 10, 2013 11:43 am Post subject: |
|
|
Hi toralf,
Thanks for the information, but actually this I believe is specifically for hardware random number generators which I do NOT have unless they're already built-into my motherboard. This package also provides tools for testing quality of entropy, so I do have it installed for that purpose.
Walter |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Tue Sep 10, 2013 12:34 pm Post subject: |
|
|
beside that here's a nice discussion about /dev/[u]random : https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J , especially T'so comments are worth to be read. And I took a look onto clrnd´gd - but its from 2002 (isn't it ?) and uses too much CPU resources for just an entropy daemon - nothing for me. |
|
Back to top |
|
|
|