Haveged

From the Arch Linux Chinese wiki

This article or section is out of date. (Discuss in Talk:Haveged)

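The haveged project aims to provide a simple, easy-to-use, unpredictable random number generator based on the HAVEGE algorithm. Haveged can remedy low system entropy in some situations.

Warning: This program cannot guarantee the quality of the entropy ([1][2]). If your security requirements are high, consider using a hardware random number generator with rng-tools.

Installation

Install the haveged package.

Start and enable haveged.service.

Checking the current entropy

To check whether Haveged is needed, use the following command to see how much entropy has currently been collected: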

# cat /proc/sys/kernel/random/entropy_avail

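If the result is low (<1000), installing haveged is recommended. Otherwise, cryptographic programs will wait until the system has enough entropy. For example, if you use a software access point, the network will be relatively slow.

After installing haveged, you can check the system entropy again to see whether it has improved.

Alternatives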

Unless you have a specific reason to not trust any hardware random number generator on your system, you should try to use them with the rng-tools first and if it turns out not to be enough (or if you do not have a hardware random number generator available), then use Haveged.

Virtual machines

As discussed at Is it appropriate to use haveged as a source of entropy on virtual machines?, it can be contested whether haveged provides quality entropy within a virtual environment. Haveged relies on the rdtsc instruction, which may be virtualized within a virtual machine resulting in lower quantity entropy. On some hypervisors, it is possible to disable the virtualization of rdtsc, which would in theory allow haveged to provide higher quality entropy.

To disable the virtualization of the rdtsc instruction in VMware ESXi, add the setting monitor_control.virtual_rdtsc = "FALSE" to the virtual machine’s .vmx configuration file. VMware recommends the setting for use when performing measurements that require a precise source of real time in the virtual machine. [3]
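
The guidance on this page (the <1000 check, hardware RNG with rng-tools first, the virtual-machine caveat) written as a shell helper; this is an added example, not part of the wiki page. The extra poolsize comparison, the rng_available sysfs file, the "hypervisor" CPU flag test and the output tokens are assumptions of this example.

```shell
#!/bin/sh
# Added example: decision helper for the checks described on this page.
# Paths are variables so the functions can be run on constructed files;
# the defaults are the real kernel interfaces.
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"
HWRNG_LIST="${HWRNG_LIST:-/sys/class/misc/hw_random/rng_available}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
LOW_MARK=1000   # the page's "low" cutoff for entropy_avail

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Prints ok, low or inconclusive. "inconclusive" means the files are
# unreadable or the pool is smaller than LOW_MARK, in which case
# entropy_avail can never reach the cutoff and the comparison says nothing.
entropy_state() {
    avail=$(cat "$RANDOM_DIR/entropy_avail" 2>/dev/null) || avail=
    pool=$(cat "$RANDOM_DIR/poolsize" 2>/dev/null) || pool=
    is_uint "$avail" && is_uint "$pool" || { echo inconclusive; return; }
    if [ "$pool" -lt "$LOW_MARK" ]; then echo inconclusive
    elif [ "$avail" -lt "$LOW_MARK" ]; then echo low
    else echo ok; fi
}

# True if the kernel lists at least one hardware RNG driver.
has_hwrng() {
    [ -r "$HWRNG_LIST" ] && grep -q '[^[:space:]]' "$HWRNG_LIST"
}

# True on x86 guests, which expose the "hypervisor" CPU flag.
in_vm() {
    grep -E '^flags[[:space:]]*:' "$CPUINFO" 2>/dev/null | grep -qw hypervisor
}

# Prints none, inconclusive, rng-tools, haveged or haveged-vm.
# haveged-vm: rdtsc may be virtualized, so entropy quality is contested.
recommend() {
    case $(entropy_state) in
        ok) echo none ;;
        inconclusive) echo inconclusive ;;
        low) if has_hwrng; then echo rng-tools
             elif in_vm; then echo haveged-vm
             else echo haveged; fi ;;
    esac
}

recommend
```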

See also