Difference between revisions of "Haveged"

From ArchWiki
Jump to: navigation, search
m
(Add category. See Help:Category.)
Line 1: Line 1:
 +
[[Category:Security]]
 
The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers.[http://www.issihosts.com/haveged/]
 
The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers.[http://www.issihosts.com/haveged/]
  

Revision as of 01:47, 24 October 2012

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers.[1]

List available entropy

If you're not sure, whether you need haveged, run:

# cat /proc/sys/kernel/random/entropy_avail

This command shows you how much entropy your server has collected. If it is rather low (<1000), you should probably install haveged. Otherwise cryptographic applications will block until there is enough entropy available, which eg. could result in slow wlan speed, if your server is a Software Access Point.

You should use this command again to verify how much haveged boosted your entropy pool after the installation.

Installation

Install the package as usually with pacman:

# pacman -Sy haveged

systemd

To start the service once, run:

# systemctl start haveged.service

You'll probably want it to run everytime your server boots up, so run:

# systemctl enable haveged.service

SysV init system

Run it once:

# /etc/rc.d/haveged start

To start the daemon every time you boot up, add

haveged

to your daemons array in rc.conf.