faster /dev/random

Bill Davidsen davidsen at tmr.com
Wed Aug 25 21:59:08 UTC 2010


Wolfgang S. Rupprecht wrote:
> Bill Davidsen <davidsen at tmr.com> writes:
>> Wolfgang S. Rupprecht wrote:
>>> Is there an approved way to increase the speed at which the random pool
>>> for /dev/random fills up?  I'm playing with dnssec and generating 2k rsa
>>> keys is taking up to 3 hours.  I've been googling a bit and Intel x86_64
>>> machines seem to have random number hardware built in (perhaps also
>>> AMD???)  Is there a way to funnel this into the entropy pool?
>>>
>> To be honest, I thought the data from the TCO random generator was funneled in 
>> already. That's what the "intel-rng" module does.
>>
>> Current kernel built with:
>> CONFIG_HW_RANDOM=y
>> CONFIG_HW_RANDOM_TIMERIOMEM=m
>> CONFIG_HW_RANDOM_INTEL=m
>> CONFIG_HW_RANDOM_AMD=m
>> CONFIG_HW_RANDOM_GEODE=m
>> CONFIG_HW_RANDOM_VIA=m
>> CONFIG_HW_RANDOM_VIRTIO=m
> 
> Thanks.  That gave me a few good strings to google for.
> 
>> If your CPU has the hardware the module should be loaded, but you can
>> check with "lsmod | grep rng" to be sure, or load manually to
>> test. Also virtio_rng might be useful. You might have to load by hand
>> to test, then config to load by default if you want.
> 
> It turns out my (2 year old) AMD Phenom 9350e Quad-Core doesn't seem to
> have that module loaded.  In fact, googling for "AMD hardware random
> number generator" got me a few hits of folks running an ms-windows tool
> on similar processors and one of the flags checked was for the hardware
> rng, which always seemed to be "not supported".  I guess the modern CPUs
> really don't have that hardware any more.  How strange (and sad!).
> 
I haven't looked into what virtio-rng does, but it does load on anything I can 
quickly test, and I doubt it will make your number any worse.

There are a number of cheap USB rng units around which are supported, I just read 
about one in Rich Jones' fine blog,
  http://rwmj.wordpress.com/2010/08/04/usb-hardware-random-number-generator/
which will probably get you started. His analysis is worth reading if only to 
see that some people still have pride in their product.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
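
Added example, not part of the original message: a shell function that extends the "lsmod | grep rng" check from the thread by also reading the kernel's hw_random sysfs files, since a loaded rng module does not by itself mean a hardware device was found. The function names and the ROOT argument are hypothetical; the /proc and /sys paths are the ones the Linux hw_random core exposes.

```shell
#!/bin/sh
# Added example: report entropy pool level and hardware RNG status.
# ROOT (hypothetical parameter) is a filesystem prefix, "/" on a live
# system, so the same checks can run against a saved copy of /proc and /sys.

# read_or FILE FALLBACK: print the first line of FILE, or FALLBACK if the
# file is missing, unreadable or empty.
read_or() {
    _v=
    [ -r "$1" ] && _v=$(head -n 1 "$1")
    printf '%s\n' "${_v:-$2}"
}

# rng_status ROOT: print four key=value lines; return 0 only when the
# kernel has a hardware RNG device registered and selected.
rng_status() {
    root=${1%/}
    hw="$root/sys/class/misc/hw_random"

    entropy=$(read_or "$root/proc/sys/kernel/random/entropy_avail" unknown)
    avail=$(read_or "$hw/rng_available" "")
    current=$(read_or "$hw/rng_current" none)

    # Same information as "lsmod | grep rng", read from the module list.
    mods=
    if [ -r "$root/proc/modules" ]; then
        mods=$(awk '$1 ~ /rng/ { printf "%s%s", sep, $1; sep = "," }' \
            "$root/proc/modules")
    fi

    echo "entropy_avail=$entropy"
    echo "rng_modules=${mods:-none}"
    echo "rng_available=${avail:-none}"
    echo "rng_current=$current"

    # A module can load without finding hardware; only a non-empty
    # rng_available plus a selected rng_current means a device exists.
    [ -n "$avail" ] && [ "$current" != none ]
}

# On a live system: rng_status / || echo "no hardware RNG in use"
```
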

