Mailinglist Archive: opensuse-features (518 mails)

[openFATE 306591] entropy daemons in 11.2
  • From: fate_noreply@xxxxxxx
  • Date: Thu, 12 Aug 2010 18:49:13 +0200 (CEST)
  • Message-id: <feature-306591-15@xxxxxxxxxxxxxx>
Feature changed by: Bruno Friedmann (bruno_friedmann)
Feature #306591, revision 15
Title: entropy daemons in 11.2

openSUSE-11.2: Rejected by Stephan Kulow (coolo)
reject date: 2009-08-12 11:35:35
reject reason: too late for 11.2, I open it for 11.3 because it came
rather late and so the 1 vote only is a bit unfair
Requester: Important

openSUSE-11.3: Evaluation
Requester: Important

Requested by: Brandon Philips (philipsb)
Developer: (Novell)

Headless and diskless servers with limited input have relied on entropy
added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this
feature will be disappearing from the kernel soon.
One solution is to run a daemon to add entropy from userspace to the
pool. Example daemons can be found here:
11.2 should provide these or similar daemons as options for users who
require additional entropy sources to keep /dev/random from blocking on
The kernel thread discussing this thread can be found here:
commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242
When: July 2009
Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as
sources in the kernel's current entropy model. To resolve this, every
input point to the kernel's entropy pool needs to better document the
type of entropy source it actually is. This will be replaced with
additional add_*_randomness functions in drivers/char/random.c
Who: Robin Getz & Matt Mackall

#1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11)
This looks to me like a feature where some volunteer could package this
in the build service. Any takers?

#2: Brandon Philips (philipsb) (2009-07-09 20:36:27)
I forgot to note that a solution like this will eventually be needed in
SLES too. See FATE#305944

#3: Frank A (franka8) (2009-11-06 13:15:55)
Remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU &
netbooks, featuring an on-die industrial grade PRNG random source. It
will be difficult to beat its efficiency & quality, which is already
scrutinized by independent researchers.

#4: Robert Davies (robopensuse) (2009-12-07 18:52:00)
Done a little pilot work on this - have asked for comments on mail list

#5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09)
There's some sort of in obs now (I'm using entropy_timer for a foreign
server)
allowing a constant ~4K of entropy; without this, entropy could go
down to <100.
Webpin could drive you to the mentioned package.
I agree with Franka8's comment, if a hardware source exists it would be
better. But having some capable daemon is a sort of fallback, and is
better than nothing
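
To check on a given host the kind of figures quoted in comment #5 (about 4K bits with a daemon, under 100 without), the following added example, which is not part of the thread or of any packaged daemon, summarizes readings of the kernel's `/proc/sys/kernel/random/entropy_avail` counter. The function names, the `--live` switch and the sample readings are assumptions made for this illustration; the threshold of 100 is taken from the comment.

```shell
#!/bin/sh
# Added example: summarize entropy_avail readings and flag a starved pool.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# sample_entropy COUNT INTERVAL: print COUNT readings, one per line.
sample_entropy() {
    n=$1
    while [ "$n" -gt 0 ]; do
        cat "$ENTROPY_FILE" || return 1
        n=$((n - 1))
        if [ "$n" -gt 0 ]; then sleep "$2"; fi
    done
}

# summarize_entropy THRESHOLD: read readings on stdin and print
# "n=<count> min=<bits> max=<bits> avg=<bits> low=<readings below THRESHOLD>".
summarize_entropy() {
    awk -v t="$1" '
        /^[0-9]+$/ {
            v = $1 + 0
            if (n == 0 || v < min) min = v
            if (n == 0 || v > max) max = v
            sum += v; n++
            if (v < t) low++
        }
        END {
            if (n == 0) { print "n=0"; exit 1 }
            printf "n=%d min=%d max=%d avg=%d low=%d\n", n, min, max, int(sum / n), low + 0
        }'
}

# entropy_verdict THRESHOLD: "starved" if any reading fell below THRESHOLD,
# "ok" if none did, "no-data" if stdin held no numeric reading.
entropy_verdict() {
    summary=$(summarize_entropy "$1") || { echo "no-data"; return 0; }
    case "$summary" in
        *" low=0") echo "ok" ;;
        *) echo "starved" ;;
    esac
}

# Constructed readings (not measured): a headless host without and with a daemon.
constructed_without_daemon() { printf '%s\n' 180 96 71 143 88; }
constructed_with_daemon() { printf '%s\n' 4012 3987 4096 4050; }

# Live use: ./entropy_check.sh --live  (10 readings, one second apart)
if [ "${1:-}" = "--live" ]; then
    sample_entropy 10 1 | entropy_verdict 100
fi
```

On Linux 5.6 and later `/dev/random` no longer blocks once the pool has been initialized, so this check is relevant to kernels of the era the thread discusses.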

#6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48)
Packages are already in "security" project:
* audio-entropyd
* timer-entropyd
* video-entropyd

#7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57)
Implemented in 11.4, haveged can be installed.

+ #8: Bruno Friedmann (bruno_friedmann) (2010-08-12 18:49:09) (reply to
+ #7)
+ Seems there also haveged available for 11.3 from this one

openSUSE Feature:
