faster /dev/random

[Wolfgang S. Rupprecht]

Bill Davidsen <davidsen at tmr.com> writes:
> Wolfgang S. Rupprecht wrote:
>> Is there an approved way to increase the speed at which the random pool
>> for /dev/random fills up?  I'm playig with dnssec and getnerating 2k rsa
>> keys is taking up to 3 hours.  I've been googling a bit and Intel x86_64
>> machines seem to have random number hardware built in (perhaps also
>> AMD???)  Is there a way to funnel this into the entropy pool?
>> 
> To be honest, I thought the data from the TCO random generator was funneled in 
> already. That's what the "intel-rng" module does.
>
> Current kernel built with:
> CONFIG_HW_RANDOM=y
> CONFIG_HW_RANDOM_TIMERIOMEM=m
> CONFIG_HW_RANDOM_INTEL=m
> CONFIG_HW_RANDOM_AMD=m
> CONFIG_HW_RANDOM_GEODE=m
> CONFIG_HW_RANDOM_VIA=m
> CONFIG_HW_RANDOM_VIRTIO=m

Thanks.  That gave me a few good strings to google for.

> If your CPU has the hardware the module should be loaded, but you can
> check with "lsmod | grep rng" to be sure, or load manually to
> test. Also virtio_rng might be useful. You might have to load by hand
> to test, then config to load by default if you want.

It turns out my (2 year old) AMD Phenom 9350e Quad-Core doesn't seem to
have that module loaded.  In fact, googling for "AMD hardware random
number generator" got me a few hits of folks running an ms-windows tool
on similar processors and one of the flags checked was for the hardware
rng, which always seemed to be "not supported".  I guess the modern CPU
really don't have that hardware any more.  How strange (and sad!).

-wolfgang
-- 
Wolfgang S. Rupprecht      http://www.wsrcc.com/wolfgang/      (IPv6-only)