Feeding the kernel's entropy source from other machines and/or increasing its maximum size
Posted by David Spillett on Server Fault
Published on 2010-05-26T10:00:47Z
We have had a little trouble with a small box that acts as a VPN end-point and mail relay for our network, caused by the available entropy for /dev/random being too low (which causes TLS connection attempts by exim to fail).
The machine doesn't do anything else, so the normal feed into the entropy pool (interrupt timings from things like disk access) is not enough. As a quick hack I've set a looping script that reads from /dev/hda at a couple of Mbyte/sec which keeps it topped up. Other than buying a hardware RNG, is there a clean way of piping data for entry from elsewhere, such as a copy of the data our file server uses for its entropy source? I've spotted several tips for using rng-tools to feed it from /dev/urandom on the same machine but that "feels dirty".
Also, is it possible to increase the maximum pool size? It currently seems to max out at 3585.