
Ask HN: How to ensure reasonable entropy in Linux? - josh-wrale
So today I am trying to install FreeIPA in a VM on Proxmox VE.  Neither the hypervisor nor the guest seem to have sufficient entropy to complete the install, per the developers.  On advice from IRC, I found out how to check entropy using &#x27;cat &#x2F;proc&#x2F;sys&#x2F;kernel&#x2F;random&#x2F;entropy_avail&#x27;.<p>Results:<p><pre><code>  - desktop: 1456

  - hypervisor: 262

  - guest: 94
</code></pre>
Suggestions I&#x27;ve seen so far are:<p>1. Implement VirtIO-RNG for my VM. This would share and throttle the hypervisor&#x27;s &#x2F;dev&#x2F;random with the guest.  This does little good IMHO, if even the hypervisor is starved of entropy.  http:&#x2F;&#x2F;wiki.qemu-project.org&#x2F;Features-Done&#x2F;VirtIORNG<p>2. haveged - &quot;A simple entropy daemon&quot;; Any thoughts on this?  http:&#x2F;&#x2F;www.issihosts.com&#x2F;haveged&#x2F;<p>I would enjoy having a hardware RNG, but I wonder what software can do to solve this issue.  
https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Comparison_of_hardware_random_number_generators<p>I seem to remember the random numbers as a service post about the NIST recently.  Is that worth looking into for this?
======
jlgaddis
haveged seems to work quite well and, before I started using it months ago, I
ran some of its output through dieharder, ent, etc.

There's also rngd which can also use the RNG in a TPM, if one is available.

~~~
josh-wrale
Thanks, that is helpful.

I found the story of how haveged came to be, which was a surprise:
[https://www.centos.org/forums/viewtopic.php?f=25&t=31111](https://www.centos.org/forums/viewtopic.php?f=25&t=31111)

I also found this. The answer for most part speaks to havege instead of
haveged. The last part of the answer speaks to haveged.

[https://crypto.stackexchange.com/questions/8083/quality-
of-r...](https://crypto.stackexchange.com/questions/8083/quality-of-
randomness-on-a-linux-system-with-haveged)

------
josh-wrale
Wishing nerdy stuff like this would get more upvotes.. :)

