Saturday 29 November 2014

Entropy



Checking up on the graphs CGP is giving me, I noticed entropy getting low on 2 of my Pis. Nice thing I have monitoring ;)

Some googling taught me that the RasPi has a hardware random number generator on board, but it's just not enabled.

Can't explain it much better than this, so here's a link:
http://vk5tu.livejournal.com/43059.html
TL;DR:
  1. add line 'bcm2708-rng' to file /etc/modules
  2. Reboot the machine 
  3. sudo apt-get install rng-tools 

What do we need entropy for? For example, new processes have randomized addresses (ASLR) and network packets need random sequence numbers. Even the filesystem module may remove some entropy.

As the next post should be the first in a series on setting up your own OpenVPN on your Raspberry, I thought it might be wise to read up on some random security ;)

From random.c:
/dev/random is suitable for use when very high quality randomness is desired (for example, for key generation or one-time pads), as it will only return a maximum of the number of bits of randomness (as estimated by the random number generator) contained in the entropy pool.

The /dev/urandom device does not have this limit, and will return as many bytes as are requested. As more and more random bytes are requested without giving time for the entropy pool to recharge, this will result in random numbers that are merely cryptographically strong. For many applications, however, this is acceptable.
 
So in the end, this probably won't speed things up, but will improve security when you would have had no more truly random numbers available.

New output in syslog:

Feb 31 17:01:25 blackpi rngd[2272]: stats: bits received from HRNG source: 4500064

Feb 31 17:01:25 blackpi rngd[2272]: stats: bits sent to kernel pool: 4422560

Feb 31 17:01:25 blackpi rngd[2272]: stats: entropy added to kernel pool: 4422560

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2 successes: 224

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2 failures: 1

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Monobit: 0

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Poker: 0

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Runs: 1

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Long run: 0

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Continuous run: 0

Feb 31 17:01:25 blackpi rngd[2272]: stats: HRNG source speed: (min=367.841; avg=711.006; max=816.319)Kibits/s

Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS tests speed: (min=1.637; avg=5.827; max=7.937)Mibits/s

Feb 31 17:01:25 blackpi rngd[2272]: stats: Lowest ready-buffers level: 2

Feb 31 17:01:25 blackpi rngd[2272]: stats: Entropy starvations: 0

Feb 31 17:01:25 blackpi rngd[2272]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
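To keep an eye on those rngd numbers after the change, the stats lines can be parsed and checked automatically. This is an added example, not part of the original post: the function names are hypothetical and the 1% FIPS failure threshold is an assumption, not an rngd default. The sample is a subset of the syslog lines above.

```python
import re

# Subset of the rngd "stats:" lines shown in the syslog excerpt above.
SAMPLE = """\
Feb 31 17:01:25 blackpi rngd[2272]: stats: bits received from HRNG source: 4500064
Feb 31 17:01:25 blackpi rngd[2272]: stats: bits sent to kernel pool: 4422560
Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2 successes: 224
Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2 failures: 1
Feb 31 17:01:25 blackpi rngd[2272]: stats: FIPS 140-2(2001-10-10) Runs: 1
Feb 31 17:01:25 blackpi rngd[2272]: stats: HRNG source speed: (min=367.841; avg=711.006; max=816.319)Kibits/s
Feb 31 17:01:25 blackpi rngd[2272]: stats: Entropy starvations: 0
"""

# Matches "rngd[pid]: stats: <name>: <integer>"; "(min=...; avg=...)" lines do not match.
STAT_RE = re.compile(r"rngd\[\d+\]: stats: (?P<name>.+?): (?P<value>\d+)\s*$")

def parse_rngd_stats(text):
    """Return {stat name: int} for every integer-valued rngd stats line."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.search(line)
        if m:
            stats[m.group("name")] = int(m.group("value"))
    return stats

def check_rngd(stats, max_fail_ratio=0.01):
    """Return a list of warnings. max_fail_ratio is an assumed threshold."""
    warnings = []
    ok = stats.get("FIPS 140-2 successes", 0)
    bad = stats.get("FIPS 140-2 failures", 0)
    if ok + bad == 0:
        warnings.append("no FIPS-tested blocks: is the hardware RNG feeding rngd?")
    elif bad / (ok + bad) > max_fail_ratio:
        warnings.append(f"FIPS failure ratio {bad / (ok + bad):.2%} exceeds {max_fail_ratio:.2%}")
    if stats.get("bits sent to kernel pool", 0) == 0:
        warnings.append("nothing sent to the kernel pool")
    if stats.get("Entropy starvations", 0) > 0:
        warnings.append("entropy starvations reported")
    return warnings

if __name__ == "__main__":
    s = parse_rngd_stats(SAMPLE)
    print(s)
    print(check_rngd(s) or "rngd stats look healthy")
```

An empty stats dictionary produces warnings, so a Pi where the module did not load or rngd never logged is flagged rather than silently passing.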
