#1 2016-08-05 08:35:52

Naik
Member
From: the edge of insanity
Registered: 2015-10-03
Posts: 328

some thoughts about entropy

Hello!

I have a little problem regarding the amount of entropy available.
Since I started using gpg I see that I needed more of it (cat /proc/sys/kernel/random/entropy_avail: ~800) so I had a look and found that /dev/hwrng exists and some googling told me that this represents a kernel built-in feature to gather randomness and feed it to /dev/random. However, there are many people complaining that "some scheme for moving data from /dev/hwrng to /dev/random is required (like rng-tools)." But as I investigated further this seems to be a problem only in VMs, of which none is running here. Anyway, rng-tools wouldn't run on my device.

Aug 05 09:05:33 HP-D2 systemd[1]: Starting rng-tools.service...
Aug 05 09:05:34 HP-D2 rng-tools[1839]: Starting Hardware RNG entropy gatherer daemon: (failed).
Aug 05 09:05:36 HP-D2 systemd[1]: rng-tools.service: Control process exited, code=exited status=1
Aug 05 09:05:36 HP-D2 systemd[1]: Failed to start rng-tools.service.
Aug 05 09:05:36 HP-D2 systemd[1]: rng-tools.service: Unit entered failed state.
Aug 05 09:05:36 HP-D2 systemd[1]: rng-tools.service: Failed with result 'exit-code'.

I bypassed this problem using haveged and am pretty happy with the result. But somebody told me that this should be the last solution (don't really know why) and anyway it's bothering me that there would be kernel features not in use although I might need them.
Do you guys know how to properly use /dev/hwrng?

Thanks in advance!
naik --greetz


"As soon as [a person]* does it right, it works immediately!"
BL-Kitchen Codeberg

#2 2016-08-05 21:56:43

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: some thoughts about entropy

Hey Naik :)

Firstly, do you actually have a hardware random number generator?

Is that (cropped) output from `systemctl status rng-tools.service`?

The full output of `journalctl -xe` immediately after a failed attempt to start rng-tools.service would probably be useful.

Usage guide for rng-tools here:
https://wiki.archlinux.org/index.php/Rng-tools

Naik wrote:

haveged [...] somebody told me that this should be the last solution

Yes, the efficacy of haveged is contested. (1) (2)

  1. https://lwn.net/Articles/525459/

  2. http://security.stackexchange.com/quest … l-machines

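Added example, not part of either post above: a small check for the question "do you actually have a hardware random number generator?", reading the kernel's hw_random sysfs files instead of relying on /dev/hwrng merely existing. The optional ROOT argument is a hypothetical prefix introduced here so the functions can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: classify hardware-RNG state from the hw_random sysfs files.
# ROOT (optional first argument) is a hypothetical path prefix for testing
# against a constructed tree; empty means the live system.

hwrng_status() {
    hw="${1:-}/sys/class/misc/hw_random"
    if [ ! -d "$hw" ]; then
        echo "no-framework"      # hw_random core not present: no /dev/hwrng at all
        return 0
    fi
    current=""
    if [ -r "$hw/rng_current" ]; then
        # Reading can fail on some kernels when no driver is bound; treat as empty.
        current=$(tr -d '\n' < "$hw/rng_current" 2>/dev/null || true)
    fi
    case "$current" in
        ""|none) echo "no-backend" ;;        # device node may exist, nothing feeds it
        *)       echo "backend:$current" ;;  # a driver is bound; rngd has a source
    esac
}

entropy_avail() {
    f="${1:-}/proc/sys/kernel/random/entropy_avail"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

report() {
    echo "hwrng: $(hwrng_status "${1:-}")  entropy_avail: $(entropy_avail "${1:-}")"
}

# Print the state of the live system when run as a script.
report
```

A result of "no-backend" means rngd has no hardware source to read, whatever the service status says.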

#3 2016-08-06 21:25:40

Naik
Member
From: the edge of insanity
Registered: 2015-10-03
Posts: 328

Re: some thoughts about entropy

Head_on_a_Stick wrote:

Firstly, do you actually have a hardware random number generator?

No, I do not have a device designed for this by now, but I consider buying one. Is that what you'd suggest too?

Head_on_a_Stick wrote:

Is that (cropped) output from `systemctl status rng-tools.service`?

No, it is actually the output of journalctl | grep 'rng'.
The result of journalctl -xe:

-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit rng-tools.service has begun starting up.
Aug 06 23:16:49 HP-D2 rng-tools[18736]: Starting Hardware RNG entropy gatherer daemon: rngd.
Aug 06 23:16:49 HP-D2 systemd[1]: Started rng-tools.service.
-- Subject: Unit rng-tools.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit rng-tools.service has finished starting up.
-- 
-- The start-up result is done.
Aug 06 23:16:49 HP-D2 rngd[18738]: rngd 2-unofficial-mt.14 starting up...
Aug 06 23:16:49 HP-D2 rngd[18738]: entropy feed to the kernel ready
Aug 06 23:16:49 HP-D2 systemd[1]: Reloading.
Aug 06 23:16:49 HP-D2 systemd[1]: apt-daily.timer: Adding 9h 46min 10.436574s random time.
Aug 06 23:16:51 HP-D2 sudo[17646]: pam_unix(sudo:session): session closed for user root
Aug 06 23:17:01 HP-D2 CRON[18982]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 06 23:17:01 HP-D2 CRON[18981]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 06 23:17:01 HP-D2 CRON[18983]: (root) CMD (/usr/sbin/video_entropyd)
Aug 06 23:17:01 HP-D2 CRON[18984]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 06 23:17:01 HP-D2 CRON[18981]: pam_unix(cron:session): session closed for user root
Aug 06 23:17:01 HP-D2 CRON[18982]: pam_unix(cron:session): session closed for user root
Aug 06 23:18:01 HP-D2 CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 06 23:18:01 HP-D2 CRON[19828]: (root) CMD (/usr/sbin/video_entropyd)
Aug 06 23:18:02 HP-D2 CRON[19827]: pam_unix(cron:session): session closed for user root
Aug 06 23:18:27 HP-D2 polkitd(authority=local)[1798]: Registered Authentication Agent for unix-process:20191:115
Aug 06 23:18:31 HP-D2 polkitd(authority=local)[1798]: Operator of unix-session:247 successfully authenticated as
Aug 06 23:18:31 HP-D2 polkitd(authority=local)[1798]: Unregistered Authentication Agent for unix-process:20191:1

As things happen it now appears to start... I don't know what happened there, but maybe can get more information out of this.

Thank you for the links you provided. I will take the time to read them tomorrow morning and be right back.

naik --greetz


#4 2016-08-06 21:30:43

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 9,093
Website

Re: some thoughts about entropy

Naik wrote:
Head_on_a_Stick wrote:

Firstly, do you actually have a hardware random number generator?

No, I do not have a device designed for this by now, but I consider buying one. Is that what you'd suggest too?

I'm not really expert enough to make any suggestions, sorry.

I like the look of https://en.wikipedia.org/wiki/Lavarand though 8)

EDIT: http://www.lavarnd.org/ :D

Last edited by Head_on_a_Stick (2016-08-06 21:34:53)
