When a system’s entropy pool is depleted, reads from
/dev/random will block. For applications that require lots of entropy, in environments where little entropy is available, long delays can result.
A side-note: on Linux, information about the amount of entropy available can be found under
/proc/sys/kernel/random/, along with other parameters of the kernel entropy device and a UUID source. Be aware that other systems may not have this interface.
So if you are running out of entropy, what can you do? The haveged program exists to remedy this problem. It implements a variant of the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. In brief, HAVEGE leverages the fact that modern processors have thousands of bits of volatile internal state that affect how long it takes to execute particular routines. The nondeterminism in the time taken to execute a particular routine, also known as flutter, can be determined by reading the hardware clock counter. Using this entropy to seed a PRNG, HAVEGE can provide orders of magnitude more entropy than the standard Linux entropy device.
haveged and see it in action:
sudo yum install -y haveged sudo systemctl start haveged.service
That’s all there is to it. This runs
/usr/sbin/haveged -w 1024 -v 1 --Foreground. The
-w argument specifies the write wakeup threshold. When
/dev/random has fewer than this many bits of entropy available, processes writing to the entropy pool are awakened.
haveged wakes up, produces some entropy and feeds it to Linux for other applications to use.
The availability and quality of entropy can be tested using the
rngtest tool, available in the
rng-tools package. Compare running
cat /dev/random | rngtest -c 1000 both with and without
haveged working to feed
/dev/random. You should find that
haveged does a good job of ensuring ample entropy is available for programs.
Another solution to low entropy on Linux is
rngd, which works similarly to
haveged but reads entropy from hardware RNGs. Of course, you need a hardware RNG for
rngd to be effective. The default location for a hardware RNG is
rngd uses this device by default but can be configured to use any device that provides the Linux
/dev/random ioctl API. Some Linux distributions (including recent releases of Fedora) ship with
rngd enabled by default.
Let it again be noted that the entropy devices provided by other operating systems may (read: do) operate differently from the Linux entropy device, and some have native support for hardware RNGs when present, so while the approach to entropy replenishment shared by
rngd works well for Linux, it may be incorrect or simply unnecessary for other systems.