Haveged

From the Arch Linux Chinese Wiki

This article or section is out of date.


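The haveged project aims to provide an easy-to-use, unpredictable random number generator based on the HAVEGE algorithm. Haveged can remedy the low-entropy conditions that occur on a system in some situations.

Warning: This program cannot guarantee the quality of the entropy ([1][2]). If your security requirements are high, consider using a hardware random number generator with rng-tools.

Installation

Install the haveged package.

Start and enable the haveged.service service.

Checking the current entropy

To check whether Haveged is needed, use the following command to view the amount of entropy currently collected: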

# cat /proc/sys/kernel/random/entropy_avail

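If the result is low (<1000), installing haveged is recommended. Otherwise, cryptographic programs will wait until the system has enough entropy. For example, when using a software access point, the network speed will be rather slow.

After installing haveged, you can check the system entropy again to see whether it has improved.

Alternatives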

Unless you have a specific reason to not trust any hardware random number generator on your system, you should try to use them with the rng-tools first and if it turns out not to be enough (or if you do not have a hardware random number generator available), then use Haveged.

Virtual machines

As discussed at "Is it appropriate to use haveged as a source of entropy on virtual machines?", it can be contested whether haveged provides quality entropy within a virtual environment. Haveged relies on the rdtsc instruction, which may be virtualized within a virtual machine resulting in lower quantity entropy. On some hypervisors, it is possible to disable the virtualization of rdtsc, which would in theory allow haveged to provide higher quality entropy.

To disable the virtualization of the rdtsc instruction in VMware ESXi, add the setting monitor_control.virtual_rdtsc = "FALSE" to the virtual machine’s .vmx configuration file. VMware recommends the setting for use when performing measurements that require a precise source of real time in the virtual machine. [3]
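
The checks described in the sections above (the <1000 entropy threshold, preferring a hardware random number generator, and the virtual machine caveat) can be combined into one script. This is an added example, not part of the original wiki page. The function names, the output strings, and the use of /proc/sys/kernel/random/poolsize, /sys/class/misc/hw_random/rng_available and the x86 "hypervisor" CPU flag are assumptions of this example.

```sh
#!/bin/sh
# Added example: apply the page's entropy guidance. File paths are
# parameters so the logic can be run on constructed inputs.
THRESHOLD=1000   # the page's "<1000" rule of thumb

# read_uint FILE: print FILE's content if it is a non-negative integer
read_uint() {
    v=$(cat "$1" 2>/dev/null) || return 1
    case "$v" in ''|*[!0-9]*) return 1 ;; esac
    echo "$v"
}

# entropy_state ENTROPY_FILE POOLSIZE_FILE: print low | ok | n/a | unknown
entropy_state() {
    avail=$(read_uint "$1") || { echo unknown; return 0; }
    pool=$(read_uint "$2") || pool=""
    # If the pool cannot hold THRESHOLD bits, the rule cannot be applied.
    if [ -n "$pool" ] && [ "$pool" -lt "$THRESHOLD" ]; then echo n/a
    elif [ "$avail" -lt "$THRESHOLD" ]; then echo low
    else echo ok
    fi
}

# hwrng_present RNG_AVAILABLE_FILE: true if a hardware RNG is listed
hwrng_present() {
    [ -r "$1" ] && [ -n "$(tr -d '[:space:]' < "$1")" ]
}

# is_virtualized CPUINFO_FILE: true if the CPU flags include "hypervisor"
is_virtualized() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]hypervisor([[:space:]]|$)' "$1" 2>/dev/null
}

# recommend ENTROPY POOLSIZE RNG_AVAILABLE CPUINFO: print the suggested action
recommend() {
    state=$(entropy_state "$1" "$2")
    if [ "$state" != low ]; then echo "no-action ($state)"
    elif hwrng_present "$3"; then echo "rng-tools"
    elif is_virtualized "$4"; then echo "haveged (check rdtsc virtualization)"
    else echo "haveged"
    fi
}

# Live check, only when requested: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    recommend /proc/sys/kernel/random/entropy_avail \
              /proc/sys/kernel/random/poolsize \
              /sys/class/misc/hw_random/rng_available /proc/cpuinfo
fi
```

The "n/a" result covers systems whose reported pool size is below 1000 bits, where entropy_avail can never reach the threshold and a low reading says nothing about whether haveged is needed.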

See also