Bug #74: Low entropy on several servers.
Status: closed, 100% done
Description
With the new stats, we can see:
https://stats.duckcorp.org/graph_view.php?action=preview&host_id=0&graph_template_id=0&filter=rand
Orfeo has an HRNG, which helps it keep a sufficient, even if still low, level of entropy. Daneel uses timer_entropyd, which seems to be a "not so bad" cheap generator.
As cryptography is used more and more, more and more entropy is needed, so we need to find a solution to avoid hanging processes (due to the blocking behaviour of /dev/random).
Here is some interesting documentation:
- http://bredsaal.dk/improving-randomness-and-entropy-in-ubuntu-9-10
- http://www.gentoo-wiki.info/Generating_Better_Random_Numbers
haveged seems to be an interesting software generator, maybe better than timer_entropyd.
Examples of HRNGs:
- http://www.entropykey.co.uk/
- http://www.idquantique.com/true-random-number-generator/products-overview.html
- http://www.protego.se/
- http://www.filepie.us/?title=Hardware_random_number_generator
The Simtec USB key seems to pass the FIPS and Diehard tests and has happy users. It has Free, Linux-compatible drivers, already packaged by Debian. Maybe a good solution.
Updated by Marc Dequènes almost 14 years ago
- % Done changed from 10 to 20
Testing Haveged on Toushirou and Orfeo.
Updated by Marc Dequènes almost 14 years ago
HAVEGEd:
[root@Annael ~]# time cat /dev/random | rngtest -c 100000
rngtest 2-unofficial-mt.13
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 2000000032
rngtest: FIPS 140-2 successes: 99933
rngtest: FIPS 140-2 failures: 67
rngtest: FIPS 140-2(2001-10-10) Monobit: 5
rngtest: FIPS 140-2(2001-10-10) Poker: 12
rngtest: FIPS 140-2(2001-10-10) Runs: 23
rngtest: FIPS 140-2(2001-10-10) Long run: 27
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=748.553; avg=18362.087; max=19531250.000)Kibits/s
rngtest: FIPS tests speed: (min=49.413; avg=135.127; max=139.223)Mibits/s
rngtest: Program run time: 120614163 microseconds

real    2m0.615s
user    0m14.061s
sys     1m56.959s
timer_entropyd:
rngtest: bits received from input: 389184
rngtest: FIPS 140-2 successes: 19
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=486.069; avg=509.651; max=640.400)bits/s
rngtest: FIPS tests speed: (min=113.533; avg=117.509; max=119.209)Mibits/s
rngtest: Program run time: 769402483 microseconds

real    12m49.404s
user    0m0.008s
sys     0m0.040s
AMD768 RNG:
rngtest: bits received from input: 215665632
rngtest: FIPS 140-2 successes: 10779
rngtest: FIPS 140-2 failures: 4
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 3
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=125.399; avg=252.338; max=13582.232)Kibits/s
rngtest: FIPS tests speed: (min=69.611; avg=109.216; max=110.892)Mibits/s
rngtest: Program run time: 836622710 microseconds

real    13m56.625s
user    0m1.928s
sys     0m18.481s
Updated by Marc Dequènes almost 14 years ago
- Priority changed from Immediate to High
- % Done changed from 20 to 30
Haveged seems not so bad according to rngtest, with a much better throughput than timer_entropyd, so I guess it can be a correct stopgap and be examined more closely later (I don't want to spend a lot of money on a mass Simtec USB device purchase until I get more info).
It is now installed on Toushirou, Elwing, and Daneel (instead of timer_entropyd), so they should not have an empty pool anymore. Lowering severity to reflect this.
Updated by Marc Dequènes over 13 years ago
- Status changed from In Progress to Resolved
- % Done changed from 30 to 100
Everything is fine now. According to what I've read, I don't think this method gives bad-quality randomness, even if a few bad blocks occur sometimes (67/100000), but these cases really can occur sometimes, so that's not so horrible. I'm leaving it with this solution and will keep an eye on it.
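The rngtest figures in this ticket (67 failing blocks out of 100000 for haveged, 4 out of 10783 for the AMD768 RNG) are easier to judge once it is clear what one "failure" actually is. What follows is an added example, not code from this ticket or from rng-tools: a pure-Python re-implementation of the four per-block FIPS 140-2 tests that rngtest reports (Monobit, Poker, Runs, Long run), using the acceptance intervals of the 2001-10-10 change notice that rngtest names in its output, applied the way rngtest applies them to consecutive 20000-bit blocks. The continuous-run test is left out. The seeded-PRNG input from `seeded_blocks` is constructed here as an offline stand-in for /dev/random; to reproduce the ticket's measurement, feed the same functions 2500-byte reads from the device instead. Every one of these tests has a non-zero false-rejection probability, so even an ideal source fails the occasional block; a failure count is therefore only meaningful as a rate against the block total, which is the comparison the summary function makes possible.

```python
"""FIPS 140-2 (2001-10-10 change notice) per-block statistical tests, as run by
rngtest, re-implemented in plain Python. Added example; not rng-tools code."""
import os
import random

BLOCK_BITS = 20000
BLOCK_BYTES = BLOCK_BITS // 8  # 2500 bytes per test block

# Acceptance intervals from the FIPS 140-2 change notice of 2001-10-10.
MONOBIT_RANGE = (9725, 10275)   # exclusive bounds on the number of 1 bits
POKER_RANGE = (2.16, 46.17)     # exclusive bounds on the poker statistic
RUNS_RANGES = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
               4: (240, 384), 5: (103, 209), 6: (103, 209)}  # key 6 means ">= 6"
LONG_RUN = 26                   # any run of this length or longer fails the block


def bits_of(block: bytes):
    """Yield the bits of one block, most significant bit of each byte first."""
    if len(block) != BLOCK_BYTES:
        raise ValueError(f"block must be {BLOCK_BYTES} bytes, got {len(block)}")
    for byte in block:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def monobit(block: bytes) -> bool:
    """Number of 1 bits must lie strictly inside MONOBIT_RANGE."""
    lo, hi = MONOBIT_RANGE
    return lo < sum(bits_of(block)) < hi


def poker(block: bytes) -> bool:
    """Chi-square-style statistic over the 5000 4-bit nibbles of the block."""
    counts = [0] * 16
    for byte in block:
        counts[byte >> 4] += 1
        counts[byte & 0xF] += 1
    nibbles = BLOCK_BITS // 4
    x = (16 / nibbles) * sum(c * c for c in counts) - nibbles
    lo, hi = POKER_RANGE
    return lo < x < hi


def run_lengths(block: bytes):
    """Return ({length: count} for runs of 0s, the same for 1s, longest run)."""
    tables = ({}, {})
    longest = 0
    prev, length = None, 0
    for bit in bits_of(block):
        if bit == prev:
            length += 1
            continue
        if prev is not None:  # close the run that just ended
            bucket = min(length, 6)
            tables[prev][bucket] = tables[prev].get(bucket, 0) + 1
            longest = max(longest, length)
        prev, length = bit, 1
    bucket = min(length, 6)  # close the final run
    tables[prev][bucket] = tables[prev].get(bucket, 0) + 1
    longest = max(longest, length)
    return tables[0], tables[1], longest


def fips_tests(block: bytes) -> dict:
    """Run the four per-block tests; True means the block passed that test."""
    zeros, ones, longest = run_lengths(block)
    runs_ok = all(lo <= table.get(length, 0) <= hi
                  for table in (zeros, ones)
                  for length, (lo, hi) in RUNS_RANGES.items())
    return {"monobit": monobit(block), "poker": poker(block),
            "runs": runs_ok, "long_run": longest < LONG_RUN}


def rngtest_summary(blocks) -> dict:
    """Tally like rngtest: a block counts as a failure if any single test fails."""
    summary = {"blocks": 0, "failures": 0,
               "monobit": 0, "poker": 0, "runs": 0, "long_run": 0}
    for block in blocks:
        results = fips_tests(block)
        summary["blocks"] += 1
        if not all(results.values()):
            summary["failures"] += 1
        for name, ok in results.items():
            if not ok:
                summary[name] += 1
    return summary


def seeded_blocks(n: int, seed: int = 20110101) -> list:
    """Constructed input: seeded-PRNG blocks standing in for /dev/random reads."""
    rng = random.Random(seed)
    return [rng.getrandbits(BLOCK_BITS).to_bytes(BLOCK_BYTES, "big") for _ in range(n)]


if __name__ == "__main__":
    print("seeded PRNG :", rngtest_summary(seeded_blocks(50)))
    print("os.urandom  :", rngtest_summary(os.urandom(BLOCK_BYTES) for _ in range(50)))
    print("all zeros   :", fips_tests(bytes(BLOCK_BYTES)))
    print("0xAA pattern:", fips_tests(b"\xaa" * BLOCK_BYTES))
```

The two degenerate blocks at the end show what each test catches: an all-zero block fails all four, while the alternating 0xAA pattern has exactly 10000 one bits and so passes Monobit, but Poker and Runs reject it. That is why rngtest reports the tests separately and why no single one of them is trusted on its own; a source that only ever fails Runs or Long run by a few blocks per hundred thousand looks quite different from one that fails Monobit repeatedly.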