Discussion:
[fedora-arm] Random entropy difference between F26 workstation and minimal server
Robert Moskowitz
2017-08-27 17:57:21 UTC
I use:

cat /proc/sys/kernel/random/entropy_avail

To check on the amount of entropy for creating random stuff like
keypairs with openssl or random nonces and keys for TLS.

I am using a Cubieboard2.

With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the
3,000. I don't have that image running right now to get an actual number.

I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz

I am seeing numbers only in the mid 800s:

[***@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
866
[***@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
803
[***@C2 ~]# cat /proc/sys/kernel/random/entropy_avail
828


What is different between these two images? It is the same Cubieboard.

I have had to install haveged on my Centos7-arm images to get decent
entropy.

I have also installed rng-tools with some success, but not as much as
haveged.

thanks

Bob
_______________________________________________
arm mailing list -- ***@lists.fedoraproject.org
To unsubs
Peter Robinson
2017-08-27 19:31:02 UTC
Post by Robert Moskowitz
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs
with openssl or random nonces and keys for TLS.
I am using a Cubieboard2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000.
I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
866
803
828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Post by Robert Moskowitz
I have also installed rng-tools with some success, but not as much as
haveged.
There's a quality difference between HW rng vs haveged which provides
entropy but might not be as random as a proper HW rng
Robert Moskowitz
2017-08-27 19:59:22 UTC
Post by Peter Robinson
Post by Robert Moskowitz
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs
with openssl or random nonces and keys for TLS.
I am using a Cubieboard2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000.
I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
866
803
828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and

Package rng-tools-5-9.fc26.armv7hl is already installed

And after running dnf, entropy dropped to 324....
Post by Peter Robinson
Post by Robert Moskowitz
I have also installed rng-tools with some success, but not as much as
haveged.
There's a quality difference between HW rng vs haveged which provides
entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of
hoping there was some knowledge here on differences.

Other than workstation running something like haveged, what else could
be the source of the entropy difference?

Bob

Peter Robinson
2017-08-27 20:08:16 UTC
Post by Robert Moskowitz
Post by Peter Robinson
Post by Robert Moskowitz
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs
with openssl or random nonces and keys for TLS.
I am using a Cubieboard2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000.
I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
866
803
828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
Post by Peter Robinson
Post by Robert Moskowitz
I have also installed rng-tools with some success, but not as much as
haveged.
There's a quality difference between HW rng vs haveged which provides
entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping
there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be
the source of the entropy difference?
Different services consuming the available entropy
Robert Moskowitz
2017-08-27 20:25:10 UTC
Post by Peter Robinson
Post by Robert Moskowitz
Post by Peter Robinson
Post by Robert Moskowitz
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs
with openssl or random nonces and keys for TLS.
I am using a Cubieboard2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000.
I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
866
803
828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
Post by Peter Robinson
Post by Robert Moskowitz
I have also installed rng-tools with some success, but not as much as
haveged.
There's a quality difference between HW rng vs haveged which provides
entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping
there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be
the source of the entropy difference?
Different services consuming the available entropy
OK. That is the basic answer. This is the minimal server. There are
no connections to it. I am using the serial console. It does have
cockpit running by default, but I would hope that is idling and not
eating up things like resources. I should probably disable it, as it is
not something I would use.

Any idea on how I can figure out what is consuming the entropy?

My minimal Centos7-arm images have ~2500 for the entropy value.

thanks
Robert Moskowitz
2017-08-27 20:35:42 UTC
Post by Robert Moskowitz
On Sun, Aug 27, 2017 at 8:59 PM, Robert Moskowitz
Post by Robert Moskowitz
On Sun, Aug 27, 2017 at 6:57 PM, Robert Moskowitz
Post by Robert Moskowitz
cat /proc/sys/kernel/random/entropy_avail
To check on the amount of entropy for creating random stuff like keypairs
with openssl or random nonces and keys for TLS.
I am using a Cubieboard2.
With Fedora-Xfce-armhfp-26-1.5-sda.raw.xz I was seeing numbers in the 3,000.
I don't have that image running right now to get an actual number.
I just built a system with: Fedora-Server-armhfp-26-1.5-sda.raw.xz
866
803
828
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
And after running dnf, entropy dropped to 324....
Post by Robert Moskowitz
I have also installed rng-tools with some success, but not as much as
haveged.
There's a quality difference between HW rng vs haveged which provides
entropy but might not be as random as a proper HW rng
I could boot up the workstation Xfce image I have, but I was kind of hoping
there was some knowledge here on differences.
Other than workstation running something like haveged, what else could be
the source of the entropy difference?
Different services consuming the available entropy
OK. That is the basic answer. This is the minimal server. There are
no connections to it. I am using the serial console. It does have
cockpit running by default, but I would hope that is idling and not
eating up things like resources. I should probably disable it, as it
is not something I would use.
Any idea on how I can figure out what is consuming the entropy?
My minimal Centos7-arm images have ~2500 for the entropy value.
Don't think it should be cockpit:

# systemctl status cockpit
● cockpit.service - Cockpit Web Service
Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static;
vendor prese
Active: inactive (dead)
Docs: man:cockpit-ws(8)

Derek Atkins
2017-08-28 11:56:43 UTC
Post by Robert Moskowitz
Post by Peter Robinson
Post by Robert Moskowitz
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
But is rngd actually running?
Post by Robert Moskowitz
And after running dnf, entropy dropped to 324....
Hmm.

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
***@MIT.EDU PGP key available
Robert Moskowitz
2017-08-28 12:17:42 UTC
Post by Derek Atkins
Post by Robert Moskowitz
Post by Peter Robinson
Post by Robert Moskowitz
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
But is rngd actually running?
My limited experience with the Centos7-arm build was install and it
runs. I would have to check to see what services are there...

Again, limited experience, but on C7 without rngd, I was only seeing ~80
for entropy. Added rng-tools and it 'jumped' to ~800. Added haveged
and it went up to ~2500. My F26 workstation with Xfce was showing
~3000. All on the same Cubieboard2.
Post by Derek Atkins
Post by Robert Moskowitz
And after running dnf, entropy dropped to 324....
Hmm.
I believe dnf uses https?


Bob
Robert Moskowitz
2017-08-28 12:32:36 UTC
Bob,
Post by Robert Moskowitz
Post by Derek Atkins
Post by Robert Moskowitz
Post by Peter Robinson
Post by Robert Moskowitz
What is different between these two images? It is the same Cubieboard.
Different images have different services enabled by default, is
rng-tools installed by default on server image?
Just checked and
Package rng-tools-5-9.fc26.armv7hl is already installed
But is rngd actually running?
My limited experience with the Centos7-arm build was install and it
runs. I would have to check to see what services are there...
Again, limited experience, but on C7 without rngd, I was only seeing ~80
for entropy. Added rng-tools and it 'jumped' to ~800. Added haveged
and it went up to ~2500. My F26 workstation with Xfce was showing
~3000. All on the same Cubieboard2.
There is going to be more entropy gained from an actual window system
because you have (theoretically) more interrupts happening due to user
interaction. It's also possible that Xfce itself works to add entropy to
the system on top of rngd?
Interesting, and probably right.
Post by Robert Moskowitz
Post by Derek Atkins
Post by Robert Moskowitz
And after running dnf, entropy dropped to 324....
Hmm.
I believe dnf uses https?
I suppose that could pull some.
No suppose. We both know all the nonce cruft in TLS. We lived too many
of those meetings.

And if there is an ephemeral DH in there as well (depending on suite
selection).

Bob
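
An added example, not part of any poster's message: one way to follow up on the questions raised in this thread (is rngd actually running, and when does entropy_avail drop) is to record which entropy feeders are active and then sample the counter while reproducing the activity, such as a dnf run. The function names and the --run switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: sample the kernel's entropy estimate and summarise it.
# ENTROPY_FILE can be overridden for testing against a constructed file.
ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}

# feeders: report the bound hardware RNG (if any) and whether the
# rngd / haveged daemons discussed in the thread are running.
feeders() {
    hw=/sys/class/misc/hw_random/rng_current
    if [ -r "$hw" ]; then
        echo "hw_rng=$(cat "$hw" 2>/dev/null)"
    else
        echo "hw_rng=unknown"
    fi
    for svc in rngd haveged; do
        if pgrep -x "$svc" >/dev/null 2>&1; then
            echo "$svc=running"
        else
            echo "$svc=not-running"
        fi
    done
}

# sample COUNT INTERVAL: print COUNT readings, INTERVAL seconds apart.
sample() {
    i=0
    while [ "$i" -lt "$1" ]; do
        cat "$ENTROPY_FILE"
        i=$((i + 1))
        if [ "$i" -lt "$1" ]; then sleep "$2"; fi
    done
}

# summarise: read one reading per line on stdin; print min, max, average
# and the largest fall between two consecutive readings.
summarise() {
    awk '
        NR == 1 { min = max = $1 }
        {
            if ($1 < min) min = $1
            if ($1 > max) max = $1
            if (NR > 1 && prev - $1 > drop) drop = prev - $1
            sum += $1; prev = $1
        }
        END {
            if (NR == 0) { print "no samples"; exit 1 }
            printf "min=%d max=%d avg=%d max_drop=%d\n", min, max, sum / NR, drop
        }'
}

# Only sample the live system when asked to: sh entropy.sh --run
if [ "${1:-}" = "--run" ]; then feeders; sample 30 1 | summarise; fi
```

Run it once on an idle system and once while the suspect workload is active; a large max_drop in the second run points at that workload as the consumer.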