Wednesday, July 15, 2015

Entropy in Linux CentOS 6.5 / RHEL 6.5 @ Virtualization TYPE1 and TYPE2 (Performance considerations)

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. (Source: Wikipedia)

Current Available Entropy in Linux Kernel
# cat /proc/sys/kernel/random/entropy_avail
58

Having very low entropy generally affects cryptographic operations (SSL, HTTPS, etc.).

Entropy is generally linked to device errors from the hardware. In a perfectly virtualized setup (such as Xen, KVM, or VirtualBox), the error stream from the hardware is masked by the hypervisor layer. It is recommended to generate entropy with utility programs.

# yum install rng-tools.x86_64

[root@perf04 init.d]# cat /etc/sysconfig/rngd
# Add extra options here
EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 5"
[root@perf04 init.d]# /etc/init.d/rngd status
rngd is stopped
[root@perf04 init.d]# /etc/init.d/rngd stop
Stopping rngd:                                             [FAILED]
[root@perf04 init.d]# /etc/init.d/rngd start
Starting rngd:                                             [  OK  ]

# cat /proc/sys/kernel/random/entropy_avail
2780
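
A check on the configuration above, as an added example that is not part of the original post: with `-r /dev/urandom`, rngd reads the kernel's own PRNG output and credits it back to `/dev/random`, so `entropy_avail` rises without new randomness entering the pool. The script flags that setting in an rngd sysconfig file; the function names and the `/dev/hwrng` sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag an rngd source that only recycles kernel PRNG output.

# Print the device passed to rngd via -r / --rng-device in EXTRAOPTIONS
# (empty output if the option is absent). $1 = sysconfig file path.
rngd_source() {
    opts=$(sed -n 's/^[[:space:]]*EXTRAOPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    set -- $opts                      # split the option string into words
    while [ $# -gt 0 ]; do
        case $1 in
            -r|--rng-device) echo "$2"; return 0 ;;
            --rng-device=*)  echo "${1#--rng-device=}"; return 0 ;;
        esac
        shift
    done
}

# "feedback" = rngd re-injects the kernel's own PRNG output, so
# entropy_avail rises although no new randomness enters the pool.
audit_rngd() {
    src=$(rngd_source "$1")
    case $src in
        /dev/urandom|/dev/random) echo "feedback:$src" ;;
        "")                       echo "default" ;;
        *)                        echo "device:$src" ;;
    esac
}

# Constructed sample files: the setting from the post and, as an assumed
# alternative, a hardware/hypervisor RNG exposed to the guest as /dev/hwrng.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# Add extra options here' \
    'EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 5"' > "$tmp/post"
printf '%s\n' 'EXTRAOPTIONS="-r /dev/hwrng"' > "$tmp/hw"
for f in "$tmp/post" "$tmp/hw"; do
    printf '%s -> %s\n' "${f##*/}" "$(audit_rngd "$f")"
done
```

On a live host, point `audit_rngd` at `/etc/sysconfig/rngd`; a `feedback:` result means the higher `entropy_avail` reading does not reflect additional randomness.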
