Bug #74
closed
Low entropy on several servers.
Added by Marc Dequènes almost 14 years ago.
Updated over 13 years ago.
Description
With the new stats, we can see:
https://stats.duckcorp.org/graph_view.php?action=preview&host_id=0&graph_template_id=0&filter=rand
Orfeo has got a HRNG, which helps having a sufficient, even if still low, level of entropy. Daneel uses timer_entropyd, which seems to be a "not so bad" cheap generator.
As cryptography is used more and more, then more and more entropy is needed, then we need to find a solution to avoid hanging process (due to the blocking behavior of /dev/random).
Here is interresting documentation:
haveged seems to be an interresting software generator, maybe better then timer_entropyd.
Example of HRNG:
The simtec USB key seems to pass FIPS and Diehard tests and have happy users. It has Free and Linux-compatible drivers, already packaged by Debian. Maybe a good solution.
- % Done changed from 10 to 20
Testing Haveged on Toushirou and Orfeo.
HAVEGEd:
[root@Annael ~]# time cat /dev/random | rngtest -c 100000
rngtest 2-unofficial-mt.13
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 2000000032
rngtest: FIPS 140-2 successes: 99933
rngtest: FIPS 140-2 failures: 67
rngtest: FIPS 140-2(2001-10-10) Monobit: 5
rngtest: FIPS 140-2(2001-10-10) Poker: 12
rngtest: FIPS 140-2(2001-10-10) Runs: 23
rngtest: FIPS 140-2(2001-10-10) Long run: 27
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=748.553; avg=18362.087; max=19531250.000)Kibits/s
rngtest: FIPS tests speed: (min=49.413; avg=135.127; max=139.223)Mibits/s
rngtest: Program run time: 120614163 microseconds
real 2m0.615s
user 0m14.061s
sys 1m56.959s
timer_entropyd:
rngtest: bits received from input: 389184
rngtest: FIPS 140-2 successes: 19
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=486.069; avg=509.651; max=640.400)bits/s
rngtest: FIPS tests speed: (min=113.533; avg=117.509; max=119.209)Mibits/s
rngtest: Program run time: 769402483 microseconds
real 12m49.404s
user 0m0.008s
sys 0m0.040s
AMD768 RNG:
rngtest: bits received from input: 215665632
rngtest: FIPS 140-2 successes: 10779
rngtest: FIPS 140-2 failures: 4
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 3
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=125.399; avg=252.338; max=13582.232)Kibits/s
rngtest: FIPS tests speed: (min=69.611; avg=109.216; max=110.892)Mibits/s
rngtest: Program run time: 836622710 microseconds
real 13m56.625s
user 0m1.928s
sys 0m18.481s
- Priority changed from Immediate to High
- % Done changed from 20 to 30
Haveged seems not so bad, according to rngtest, with a much better throughput than timer_entropyd, so i guess it can be a correct stopgap and be better examined later (i don't want to spend a lot of money on a mass Simtec UDB device purchase until i get more info).
It is now installed on Toushirou, Elwing, and Daneel (instead of timerentropyd), so they should not have an empty pool anymore. Lowering severity to reflect this.
- Status changed from In Progress to Resolved
- % Done changed from 30 to 100
Everything is fine now. According to what i've read, i don't think this method gives bad quality randomness, even if a few bad data occurs sometimes (67/100000), but well this cases can really occur sometimes, so that's not so horrible. I'm leaving it with this solution and will keep an eye on it.
Also available in: Atom
PDF