I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
I have had to install haveged on my Centos7-arm images to get decent entropy.
I have also installed rng-tools with some success, but not as much as haveged.
thanks
Bob
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
I have also installed rng-tools with some success, but not as much as haveged.
There's a quality difference between HW rng vs haveged which provides entropy but might not be as random as a proper HW rng
On 08/27/2017 03:31 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
I have also installed rng-tools with some success, but not as much as haveged.
There's a quality difference between HW rng vs haveged which provides entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be the source of the entropy difference?
Bob
On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz rgm@htt-consult.com wrote:
On 08/27/2017 03:31 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
I have also installed rng-tools with some success, but not as much as haveged.
There's a quality difference between HW rng vs haveged which provides entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be the source of the entropy difference?
Different services consuming the available entropy
On 08/27/2017 04:08 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz rgm@htt-consult.com wrote:
On 08/27/2017 03:31 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
I have also installed rng-tools with some success, but not as much as haveged.
There's a quality difference between HW rng vs haveged which provides entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be the source of the entropy difference?
Different services consuming the available entropy
OK. that is the basic answer. This is the minimal server. There are no connections to it. I am using the serial console. It does have cockpit running by default, but I would hope that is idling and not eating up things like resources. I should probably disable it, as it is not something I would use.
Any idea on how I can figure out what is consuming the entropy?
My minimal Centos7-arm images have ~2500 for the entropy value.
thanks
On 08/27/2017 04:25 PM, Robert Moskowitz wrote:
On 08/27/2017 04:08 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz rgm@htt-consult.com wrote:
On 08/27/2017 03:31 PM, Peter Robinson wrote:
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I use:
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs with openssl or random nonces and keys for TLS..
I am using a Cubieboad2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000. I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
I am seeing numbers only in the mid 800s:
[root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 866 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 803 [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail 828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
I have also installed rng-tools with some success, but not as much as haveged.
There's a quality difference between HW rng vs haveged which provides entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be the source of the entropy difference?
Different services consuming the available entropy
OK. that is the basic answer. This is the minimal server. There are no connections to it. I am using the serial console. It does have cockpit running by default, but I would hope that is idling and not eating up things like resources. I should probably disable it, as it is not something I would use.
Any idea on how I can figure out what is consuming the entropy?
My minimal Centos7-arm images have ~2500 for the entropy value.
Don't think it should be cockpit:
# systemctl status cockpit ● cockpit.service - Cockpit Web Service Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static; vendor prese Active: inactive (dead) Docs: man:cockpit-ws(8)
Robert Moskowitz rgm@htt-consult.com writes:
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
But is rngd actually running?
And after running dnf, entropy dropped to 324....
Hmm.
-derek
On 08/28/2017 07:56 AM, Derek Atkins wrote:
Robert Moskowitz rgm@htt-consult.com writes:
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is rng-tools intsalled by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
But is rngd actually running?
My limited experience with the Centos7-arm build was install and it runs. I would have to check to see what services are there...
Again, limited experience, but on C7 without rngd, I was only seeing ~80 for entropy. Added rng-tools and it 'jumped' to ~800. Added haveged and it went up to ~2500. My F26 workstation with Xfce was showing ~3000. All on the same Cubieboard2.
And after running dnf, entropy dropped to 324....
Hmm.
I believe dnf uses https?
Bob