Feeding the kernel's entropy source from other machines and/or increasing its maximum size

Posted by David Spillett on Server Fault
Published on 2010-05-26T10:00:47Z Indexed on 2010/05/26 10:03 UTC

We have had a little trouble with a small box that acts as a VPN end-point and mail relay for our network, caused by the available entropy for /dev/random being too low (which causes TLS connection attempts by exim to fail).

The machine doesn't do anything else, so the normal feed into the entropy pool (interrupt timings from things like disk access) is not enough. As a quick hack I've set a looping script that reads from /dev/hda at a couple of Mbyte/sec which keeps it topped up. Other than buying a hardware RNG, is there a clean way of piping data for entry from elsewhere, such as a copy of the data our file server uses for its entropy source? I've spotted several tips for using rng-tools to feed it from /dev/urandom on the same machine but that "feels dirty".

Also, is it possible to increase the maximum pool size? It currently seems to max out at 3585.
