On 08/27/2017 04:25 PM, Robert Moskowitz wrote:
On 08/27/2017 04:08 PM, Peter Robinson wrote:
> On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz
> <rgm(a)htt-consult.com> wrote:
>>
>> On 08/27/2017 03:31 PM, Peter Robinson wrote:
>>> On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz
>>> <rgm(a)htt-consult.com>
>>> wrote:
>>>> I use:
>>>>
>>>> cat /proc/sys/kernel/random/entropy_avail
>>>>
>>>> To check on the amount of entropy for creating random stuff like
>>>> keypairs
>>>> with openssl or random nonces and keys for TLS..
>>>>
>>>> I am using a Cubieboad2.
>>>>
>>>> With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the
>>>> 3,000.
>>>> I don't have that image running right now to get an actual number.
>>>>
>>>> I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
>>>>
>>>> I am seeing numbers only in the mid 800s:
>>>>
>>>> [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
>>>> 866
>>>> [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
>>>> 803
>>>> [root@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
>>>> 828
>>>>
>>>>
>>>> What is different between these two images? It is the same
>>>> Cubieboard.
>>> Different images have different services enabled by default, is
>>> rng-tools intsalled by default on server image?
>>
>> Just checked and
>>
>> Package rng-tools-5-9.fc26.armv7hl is already installed
>>
>> And after running dnf, entropy dropped to 324....
>>
>>
>>
>>>> I have also installed rng-tools with some success, but not as much as
>>>> haveged.
>>> There's a quality difference between HW rng vs haveged which provides
>>> entropy but might not be as random as a proper HW rng
>>>
>> I could boot up the workstation Xfce image I have, but I was kind of
>> hoping
>> there was some knowledge here on differences.
>>
>> Other than workstation running something like haveged, what else
>> could be
>> the source of the entropy difference?
> Different services consuming the available entropy
>
OK. that is the basic answer. This is the minimal server. There are
no connections to it. I am using the serial console. It does have
cockpit running by default, but I would hope that is idling and not
eating up things like resources. I should probably disable it, as it
is not something I would use.
Any idea on how I can figure out what is consuming the entropy?
My minimal Centos7-arm images have ~2500 for the entropy value.
Don't think it should be cockpit:
# systemctl status cockpit
● cockpit.service - Cockpit Web Service
Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static;
vendor prese
Active: inactive (dead)
Docs: man:cockpit-ws(8)