AppSuite:GuardEntropy

Revision as of 19:22, 5 June 2015 by Greg.hill

Entropy

In order to create encryption keys, a Linux system requires entropy, an unpredictable input of randomness. In general, Linux systems use keyboard and mouse input randomness to generate entropy. On standalone servers, this input is not available. Other activity, such as disk access, is used instead, but the amount of entropy available can become an issue.

Guard uses the entropy to generate its encryption keys. If entropy is depleted, the creation of keys will slow down significantly. The administrator can monitor the amount of entropy by entering the following command:

cat /proc/sys/kernel/random/entropy_avail

A number less than 200 would cause significant concern. Ideally, in a Guard system, the number should be much higher.

If entropy becomes a problem, we would recommend installing the package “haveged”. This uses the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. This will repopulate the entropy available in a Linux system by monitoring other hardware actions.

Debian

To install, on a Debian system, type the following:

apt-get install haveged

The configuration file is located in /etc/default/haveged. You may want to check that the following arguments are present in the config file:

DAEMON_ARGS="-w 1024"

Likewise, to make sure that haveged starts upon restart, type the following:

update-rc.d haveged defaults

RHEL

On a RHEL system, to install, type the following:

yum install haveged

To make sure it starts when restarted:

chkconfig haveged on

Once it’s installed, you can again check the amount of entropy available. The number should be significantly higher.
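A monitoring check for the steps above, as an added example that is not part of the original wiki page: it compares entropy_avail against the 200 threshold mentioned earlier and reads the -w value from the haveged configuration file. The function names, the exit codes (0 OK, 2 CRITICAL, 3 UNKNOWN) and the --check flag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: entropy and haveged configuration checks for a Guard host.
# The 200 threshold and both file paths come from the page; the function
# names, exit codes and the --check flag are hypothetical.

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
HAVEGED_CONF="${HAVEGED_CONF:-/etc/default/haveged}"

# check_entropy [file] [min]
# Prints one status line. Returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
check_entropy() {
    file="${1:-$ENTROPY_FILE}"
    min="${2:-200}"
    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"; return 3
    fi
    value=$(tr -d '[:space:]' < "$file")
    # Reject empty or non-numeric content instead of comparing garbage.
    case "$value" in
        ''|*[!0-9]*) echo "UNKNOWN: unexpected value '$value'"; return 3 ;;
    esac
    if [ "$value" -lt "$min" ]; then
        echo "CRITICAL: entropy_avail=$value (below $min)"; return 2
    fi
    echo "OK: entropy_avail=$value"; return 0
}

# haveged_watermark [file]
# Prints the number following -w in the active DAEMON_ARGS line.
# Returns 1 if the file is unreadable or no -w value is configured.
haveged_watermark() {
    conf="${1:-$HAVEGED_CONF}"
    [ -r "$conf" ] || return 1
    # Commented-out lines do not match; the last active line wins.
    w=$(sed -n 's/^[[:space:]]*DAEMON_ARGS=.*-w[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$w" ] || return 1
    echo "$w"
}

# Run both checks only when invoked as: sh thisfile.sh --check
if [ "${1:-}" = "--check" ]; then
    if w=$(haveged_watermark); then echo "haveged -w $w"
    else echo "haveged: no -w value found in $HAVEGED_CONF"; fi
    check_entropy || exit $?
fi
```

The exit codes let a cron job or a monitoring agent alert when the pool drops below the threshold.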