Guys,
I ran cat /dev/urandom | rngtest -c 1000
and got:
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s
rngtest: Program run time: 198018 microseconds
Does this look bad to you considering all of my slow SASL auths? (no haveged is on at this point.. available entropy is between 131 - 160... pool size is default 4096.
I also tried installing haveged, which worked fine, but as soon as I started the service it said something like process dead, sub sys locked... ? Sorry, entropy is fairly new to me.
On Thu, Sep 10, 2015 at 5:24 PM, <signaldeveloper@xxxxxxxxx> wrote:
Andre,
Really? What should it be? I was curious and checked.. Entropy on some of my other big time production servers for email is only about 200) and its lightning fast?
- Paul
> On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado <andremachado@xxxxxxxxxxxxxxxx> wrote:
>
> Hello,
> Entropy of 158 is way too low for production servers. And this *MAY* cause weird
> slowness without logging any errors.
> You could install "haveged" and configure for max threshold levels on production
> servers.
> https://packages.debian.org/search?keywords=haveged
>
> Regards.
>
> Andre Felipe
> http://www.techforce.com.br
>
>
>
> signaldeveloper@xxxxxxxxx wrote ..
>> Rudy,
>>
>> Entropy is 158 I just looked. And as far as compiling against urandom, to be
> honest
>> I'm
>> not sure.
>>
>> - Paul
>>
>>
>>
>>
>>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert@xxxxxxxx> wrote:
>>>
>>>
>>> Quoting signaldeveloper@xxxxxxxxx, Mon, 07 Sep 2015:
>>>
>>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to
>>>> authenticate for everything, so Cyrus is using LDAP as you can see
>>>> above. I think the problem lies in the constant TLS logins into
>>>> Cyrus for every click:
>>>>
>>>> imap[2281]: login: localhost [::1] johndoe@xxxxxxxxxx PLAIN+TLS User
>>>> logged in
>>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363>
>>>> Sep 5 20:54:51 es1 imap[2281]: USAGE johndoe@xxxxxxxxxx user:
>>>> 0.009998 sys: 0.006999
>>>>
>>>>
>>>> Again its only one user, on roundcube... I am afraid to put any more
>>>> users on it. There doesn't seem to be much of performance tweaks
>>>> with Cyrus around the web either...
>>>
>>> does your system have enough entropy?
>>>
>>> Is saslauthd compiled against /dev/urandom?
>>>
>>> Rudy
>>>
>>> --
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> Rudy Gevaert e-mail: Rudy.Gevaert@xxxxxxxx
>>> Directie ICT, Afdeling Infrastructuur
>>> Groep Systemen tel: +32 9 264 4750
>>> Universiteit Gent fax: +32 9 264 4994
>>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
