You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2019-12-29 01:14:20
- wdcbb
- Member
- Registered: 2019-12-28
- Posts: 2
Haveged is or is not recomended?
I am on: Devuan
Linux 4cpu 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux
I thought I read somewhere that haveged was no longer needed because that function was in the kernel now.
Offline
#2 2019-12-30 00:50:14
- wdcbb
- Member
- Registered: 2019-12-28
- Posts: 2
Re: Haveged is or is not recomended?
Posted this to freenode #devuan:
I thought haveged was installed by default with the system (ASCII 2.1) but I was wrong.
It seems to me that it should be, but maybe there is a reason that it is not. I have looked
around a little and I have not found any guidance. Should I install it? This is on a
personal computer. If there are some parameters or considerations – what are they?
I am new to chat so please excuse my startup clumseyness.
Someone named debdog sent me to https://issihosts.com/haveged/
Then I looked at https://unix.stackexchange.com/question … py-quality
Then I did this in /proc/sys/kernel/random
# for fname in $(ls) do print $($fname) = $(cat $fname) done
boot_id = a0317a59-6850-4792-988c-edccc4257942
entropy_avail = 3512
poolsize = 4096
read_wakeup_threshold = 64
urandom_min_reseed_secs = 60
uuid = aca2695e-d69a-4fbf-99fd-ed2b3401f7f1
write_wakeup_threshold = 1024
Then ran it again
# for fname in $(ls)^Jdo^Jprint $fname = $(cat $fname) ^Jdone
boot_id = a0317a59-6850-4792-988c-edccc4257942
entropy_avail = 3269
poolsize = 4096
read_wakeup_threshold = 64
urandom_min_reseed_secs = 60
uuid = e632e645-8255-4c09-a558-4943102393f4
write_wakeup_threshold = 1024
Then read the man page for uuid. Now I know how much I dont know (again).
I hope this saves someone some time.
PRNG = pseudo random number generator.
Offline
#3 2019-12-30 11:46:58
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Haveged is or is not recomended?
Your entropy_avail looks fine, only worry once it gets bellow ~1000.
And anyway haveged only provides a pseudorandom output, get a hardware random number generator if you're serious about this stuff.
Brianna Ghey — Rest In Power
Offline
#4 2019-12-30 13:08:08
- HevyDevy
- Member
- Registered: 2019-09-06
- Posts: 358
Re: Haveged is or is not recomended?
Im not sure on this as im running refracta linux beowulf and i think it is part of of refracta.
as head on a stick mentions use rng-tools if you are a crypto enthusiast, its in the repos.
Offline
#5 2019-12-30 14:43:29
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,500
Re: Haveged is or is not recomended?
I added haveged to Refracta isos so that it wouldn't take five minutes to boot while new ssh host keys were being made. The live iso makes new keys on every boot so we all don't have the same host keys. I didn't think it was needed for an installed system, but I could be wrong.
Offline
#6 2019-12-30 16:41:30
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Haveged is or is not recomended?
I didn't think it was needed for an installed system
I think there was a kernel regression a while ago that haveged could work around but I'm pretty sure it's fixed by now.
Brianna Ghey — Rest In Power
Offline
Pages: 1
