Gentoo Forums
not enough entropy - using clrngd, timer, audio-entropyd
walterw
Guru

Joined: 17 Oct 2003
Posts: 430

Posted: Sat Sep 07, 2013 1:36 pm    Post subject: not enough entropy - using clrngd, timer, audio-entropyd

Hi all,

I am using clrngd, timer_entropyd, and audio-entropyd to generate entropy for my router, which has hostapd to serve wireless. Even with the 2 services generating / harvesting entropy, my entropy is very low (i.e. < 200). I'm not doing anything excessive on wireless that would drain the entropy that quickly, so I would think that with both of those services running, I should have more than sufficient entropy.

When I was using haveged on my Arch box, I had sufficient entropy (>= 3000). Haveged depends on a version of openrc I am not running. What other options do I have, or are my services perhaps misconfigured?


Thanks,

Walter
swanson
Tux's lil' helper

Joined: 04 Jun 2004
Posts: 112
Location: Edinburgh, Scotland

Posted: Mon Sep 09, 2013 3:20 pm

I'd check your router's /proc/sys/kernel/random/write_wakeup_threshold value, as it defines the number of bits of entropy below which the kernel will wake up processes that do a select() or poll() for write access to /dev/random, i.e. add to entropy. Normally, write_wakeup_threshold is 128, so I'd set it in /etc/sysctl.conf to a higher value such as:

kernel.random.write_wakeup_threshold = 3072

I'm not a fan of timer-based entropy generators as they use up CPU and are not really that random, while audio_entropyd needs noise but which in a quiet room... I'm fortunate enough to have an Entropy Key serving real random entropy to my computers; otherwise I'd use video-entropyd with an old analog TV card not tuned to any channel for that old black and white static, as it were.
_________________
Alan.
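Added example, not part of swanson's post or of any project's code: a POSIX shell check of the relationship described above between entropy_avail and write_wakeup_threshold, plus a sanity check of a proposed threshold against poolsize before it goes into /etc/sysctl.conf. The function names are hypothetical, and poolsize is assumed to be reported in bits.

```shell
#!/bin/sh
# Added example (not from the thread): compare the kernel entropy pool with
# write_wakeup_threshold. Function names are hypothetical; the three files
# are the standard ones under /proc/sys/kernel/random.
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"

# read_int FILE: print the file's content if it is a non-negative integer.
read_int() {
    v=$(cat "$1" 2>/dev/null) || return 1
    case "$v" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$v"
}

# pool_state [DIR]: "feeders_awake" when entropy_avail is below the threshold
# (the kernel wakes processes polling /dev/random for write), otherwise
# "feeders_idle" (those processes are not woken).
pool_state() {
    dir="${1:-$RANDOM_DIR}"
    avail=$(read_int "$dir/entropy_avail") || { echo unknown; return 1; }
    thresh=$(read_int "$dir/write_wakeup_threshold") || { echo unknown; return 1; }
    if [ "$avail" -lt "$thresh" ]; then
        echo feeders_awake
    else
        echo feeders_idle
    fi
}

# check_threshold BITS [DIR]: accept BITS only if it is an integer in
# 1..poolsize (assumed to be in bits), then print the sysctl.conf line.
check_threshold() {
    want="$1"
    dir="${2:-$RANDOM_DIR}"
    case "$want" in ''|*[!0-9]*) return 2 ;; esac
    pool=$(read_int "$dir/poolsize") || return 2
    if [ "$want" -lt 1 ] || [ "$want" -gt "$pool" ]; then
        return 1
    fi
    printf 'kernel.random.write_wakeup_threshold = %s\n' "$want"
}

# Stand-alone run: report on the live system if the files are readable.
if [ -r "$RANDOM_DIR/entropy_avail" ]; then
    echo "entropy_avail=$(read_int "$RANDOM_DIR/entropy_avail") state=$(pool_state)"
fi
```

With the default threshold of 128, a pool sitting just under 200 bits reports feeders_idle, which matches the low steady-state value described in the first post.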
Logicien
l33t

Joined: 16 Sep 2005
Posts: 741
Location: Montréal

Posted: Mon Sep 09, 2013 9:06 pm

Hi,
I had the same problem with Hostapd, which was saying it lacked entropy at boot. I tried the clrngd daemon; Hostapd stopped complaining, but clrngd made the CPU load and temperature become very high. So I changed to audio-entropyd, which does the job with little CPU use.

Note that I put audio-entropyd in the boot level and hostapd in the default level to be sure that audio-entropyd starts before hostapd.

I note your kernel configuration setup, swanson. It looks to be an interesting alternative to entropy daemons. This Linux kernel is doing a lot of things.

:D
_________________
Paul
walterw
Guru

Joined: 17 Oct 2003
Posts: 430

Posted: Tue Sep 10, 2013 12:46 am

Hi guys,

Thanks for the feedback. I noticed the same thing with clrngd, that it only seems to make the CPU skyrocket when it generates entropy every 4 minutes. That is a good point about the wakeup_threshold. I'll give that a try as well.

The odd thing is that with all those entropy daemons running, I still don't have that much entropy. I do indeed have audio-entropyd running, but it only appears to run on the device detected as the microphone and I don't have a mic plugged in. I'll have to do more reading about audio-entropyd; hopefully that will provide sufficient entropy.


Walter
toralf
Advocate

Joined: 01 Feb 2004
Posts: 2614
Location: Hamburg/Germany

Posted: Tue Sep 10, 2013 8:23 am

AFAIK there's a rng-tools package - could you use that too?
walterw
Guru

Joined: 17 Oct 2003
Posts: 430

Posted: Tue Sep 10, 2013 11:43 am

Hi toralf,

Thanks for the information, but actually this, I believe, is specifically for hardware random number generators, which I do NOT have unless they're already built into my motherboard. This package also provides tools for testing quality of entropy, so I do have it installed for that purpose.


Walter
toralf
Advocate

Joined: 01 Feb 2004
Posts: 2614
Location: Hamburg/Germany

Posted: Tue Sep 10, 2013 12:34 pm

Besides that, here's a nice discussion about /dev/[u]random: https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J ; especially Ts'o's comments are worth reading. And I took a look at clrngd - but it's from 2002 (isn't it?) and uses too much CPU resources for just an entropy daemon - nothing for me.
All times are GMT