On 05/28/2017 04:24 AM, Tony Mountifield wrote:
In article <792718e8-f403-1dea-367d-977b157af82c@xxxxxxxxxxxxxxx>,
Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
On 05/26/2017 08:35 PM, Leon Fauster wrote:
Am 27.05.2017 um 01:09 schrieb Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>:
I am use to low random entropy on my arm boards, not an intel.
On my Lenovo x120e,
cat /proc/sys/kernel/random/entropy_avail
reports 3190 bits of entropy.
On my armv7 with Centos7 I would get 130 unless I installed rng-tools and then I get ~1300. SSH into one and it
drops back to 30! for a few minutes. Sigh.
Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180.
I installed rng-tools and no change. Does anyone here know how to improve the random entropy?
http://issihosts.com/haveged/
EPEL: yum install haveged
WOW!!!
installed, enabled, and started.
Entropy jumped from ~130 bits to ~2000 bits
thanks
Note to anyone running a web server, or creating certs. You need
entropy. Without it your keys are weak and attackable. Probably even
known already.
Interesting. I just did a quick check of the various servers I support,
and have noticed that all the CentOS 5 and 6 systems report entropy in
the low hundreds of bits, but all the CentOS 4 systems and the one old
FC3 system all report over 3000 bits.
Since they were all pretty much stock installs, what difference between
the versions might explain what I observed?
This is partly why so many certs found in the U of Mich study are weak
and factorable. So many systems have inadequate entropy for the
generation of key pairs to use in TLS certs. Worst are certs created in
firstboot process where at times there is no entropy, but the firstboot
still creates its certs.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
