The officially official Devuan Forum!

You are not logged in.

#1 2019-12-29 01:14:20

wdcbb
Member
Registered: 2019-12-28
Posts: 2  

Haveged is or is not recomended?

I am on: Devuan
Linux 4cpu 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux
I thought I read somewhere that haveged was no longer needed because that function was in the kernel now.

Offline

#2 2019-12-30 00:50:14

wdcbb
Member
Registered: 2019-12-28
Posts: 2  

Re: Haveged is or is not recomended?

Posted this to  freenode #devuan:
I thought haveged was installed by default with the system (ASCII 2.1) but I was wrong.
It seems to me that it should be, but maybe there is a reason that it is not. I have looked
around a little and I have not found any guidance.  Should I install it? This is on a
personal computer. If there are some parameters or considerations – what are they?
I am new to chat so please excuse my startup clumseyness.

Someone named debdog sent me to https://issihosts.com/haveged/
Then I looked at https://unix.stackexchange.com/question … py-quality
Then I did this in    /proc/sys/kernel/random

# for fname in $(ls)         do      print  $($fname) = $(cat $fname)       done

boot_id = a0317a59-6850-4792-988c-edccc4257942
entropy_avail = 3512
poolsize = 4096
read_wakeup_threshold = 64
urandom_min_reseed_secs = 60
uuid = aca2695e-d69a-4fbf-99fd-ed2b3401f7f1
write_wakeup_threshold = 1024

Then ran it again
# for fname in $(ls)^Jdo^Jprint  $fname = $(cat $fname) ^Jdone
boot_id = a0317a59-6850-4792-988c-edccc4257942
entropy_avail = 3269
poolsize = 4096
read_wakeup_threshold = 64
urandom_min_reseed_secs = 60
uuid = e632e645-8255-4c09-a558-4943102393f4
write_wakeup_threshold = 1024

Then read the man page for uuid.  Now I know how much I dont know (again).
I hope this saves someone some time.
PRNG = pseudo random number generator.

Offline

#3 2019-12-30 11:46:58

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Haveged is or is not recomended?

Your entropy_avail looks fine, only worry once it gets bellow ~1000.

And anyway haveged only provides a pseudorandom output, get a hardware random number generator if you're serious about this stuff.


Brianna Ghey — Rest In Power

Offline

#4 2019-12-30 13:08:08

HevyDevy
Member
Registered: 2019-09-06
Posts: 358  

Re: Haveged is or is not recomended?

Im not sure on this as im running refracta linux beowulf and i think it is part of of refracta.

as head on a stick mentions use rng-tools if you are a crypto enthusiast, its in the repos.

https://packages.debian.org/buster/rng-tools

https://pkginfo.devuan.org/stage/ascii/ … 5_5-1.html

Offline

#5 2019-12-30 14:43:29

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,481  

Re: Haveged is or is not recomended?

I added haveged to Refracta isos so that it wouldn't take five minutes to boot while new ssh host keys were being made. The live iso makes new keys on every boot so we all don't have the same host keys. I didn't think it was needed for an installed system, but I could be wrong.

Offline

#6 2019-12-30 16:41:30

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Haveged is or is not recomended?

fsmithred wrote:

I didn't think it was needed for an installed system

I think there was a kernel regression a while ago that haveged could work around but I'm pretty sure it's fixed by now.


Brianna Ghey — Rest In Power

Offline

Board footer