[crux-devel] entropy-saver.c to seed real entropy

Steffen Nurpmeso steffen at sdaoden.eu
Thu Jun 13 16:02:51 UTC 2019

Predrag Ivanović wrote in <20190613011357.04ac80c9 at deus>:
 |On Wed, 12 Jun 2019 21:52:58 +0200
 |Steffen Nurpmeso wrote:

It seems this little program is a huge success. ^_^

 |>But likely only because i hit a key...  I looked around and saw
 |>other people with the same problem using the haveged daemon, which
 |>is kind of strange as it can generate thousands of bits of hard
 |>randomness in a second.>
 |Would you explain what you mean by this?
 |I've been using haveged for years, without issues, afaict.

I use it too on the server, in addition to the entropy server.
I have to use mailman, and that somehow consumes randomness like
grazy even in idle state, which is a big pity, as it can drive
down all the other programs which sometimes use randomness.
(Python people and mathematics ..., me thinks.)  My provider does
not feed in random into the VM, so i would be lost without it.

This is especially a pity with the current OpenSSL which turns to
blocking mode at least when its used the first time, until
unlocked.  (This is what caused the openssl-users thread one or
two weeks ago; i think they might change that again.) Now i do not
know whether multi-process servers reinit their OpenSSL state
machine for each and every connection, or take the prepared one
with the fork(2)ed child.

Yeah, i mean, i shortly looked at haveged code last year and it
does some things which should cause randomness; but of course the
quality cannot be that high, if i compare that to all the things
that go on in a system, with application I/O, logging, file
system, network, and other interrupts, whatever, which counts for
3 bits or what per second here, and about one on the server
(iirc), whereas that little "math from nowhere" produces
a thousand bits or more in the same time.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the crux-devel mailing list