Re: Random entropy difference between F26 workstation and minimal server

[Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>]

On 08/27/2017 04:25 PM, Robert Moskowitz wrote:
> On 08/27/2017 04:08 PM, Peter Robinson wrote:
> > On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz 
> > <rgm@xxxxxxxxxxxxxxx> wrote:
> > > On 08/27/2017 03:31 PM, Peter Robinson wrote:
> > > > On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz 
> > > > <rgm@xxxxxxxxxxxxxxx>
> > > > wrote:
> > > > > I use:
> > > > >
> > > > > cat /proc/sys/kernel/random/entropy_avail
> > > > >
> > > > > To check on the amount of entropy for creating random stuff like 
> > > > > keypairs
> > > > > with openssl or random nonces and keys for TLS..
> > > > >
> > > > > I am using a Cubieboad2.
> > > > >
> > > > > With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the
> > > > > 3,000.
> > > > > I don't have that image running right now to get an actual number.
> > > > >
> > > > > I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
> > > > >
> > > > > I am seeing numbers only in the mid 800s:
> > > > >
> > > > > [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
> > > > > 866
> > > > > [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
> > > > > 803
> > > > > [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
> > > > > 828
> > > > >
> > > > >
> > > > > What is different between these two images?  It is the same 
> > > > > Cubieboard.
> > > > Different images have different services enabled by default, is
> > > > rng-tools intsalled by default on server image?
> > >
> > > Just checked and
> > >
> > > Package rng-tools-5-9.fc26.armv7hl is already installed
> > >
> > > And after running dnf, entropy dropped to 324....
> > >
> > >
> > >
> > > > > I have also installed rng-tools with some success, but not as much as
> > > > > haveged.
> > > > There's a quality difference between HW rng vs haveged which provides
> > > > entropy but might not be as random as a proper HW rng
> > > I could boot up the workstation Xfce image I have, but I was kind of 
> > > hoping
> > > there was some knowledge here on differences.
> > >
> > > Other than workstation running something like haveged, what else 
> > > could be
> > > the source of the entropy difference?
> > Different services consuming the available entropy
> OK.  that is the basic answer.  This is the minimal server.  There are 
> no connections to it.  I am using the serial console.  It does have 
> cockpit running by default, but I would hope that is idling and not 
> eating up things like resources.  I should probably disable it, as it 
> is not something I would use.
>
> Any idea on how I can figure out what is consuming the entropy?
>
> My minimal Centos7-arm images have ~2500 for the entropy value.

Don't think it should be cockpit:

# systemctl status cockpit
● cockpit.service - Cockpit Web Service
   Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static; 
vendor prese
   Active: inactive (dead)
     Docs: man:cockpit-ws(8)

_______________________________________________
arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx