Hi Robert,
On Fri, Mar 18, 2016 at 05:37:22PM +0000, Robert Gauld wrote:
> I wrote a simple script to log available entropy every 10 seconds and ran
> it for 36 hours. I had a maximum of 2043 and a minimum of 132, the graph
> being quite erratic.
>
> I suppose the question really is what's a sensible minimum level to be
> happy?
Not really; a key argument of the article
(http://www.2uo.de/myths-about-urandom/) is that measurements of
available entropy are meaningless, because (a) there is really no way to
know, and (b) the CSPRNG behind /dev/urandom can always provide you
more and you should be using that.
*Anything* that is reading from /dev/random is a concern because it
could potentially block.
So far it seems we are not finding anything now that uses
/dev/random, although I suspect that gpg may well still do so when
generating a new key. I haven't tested that yet.
It's looking like the entropy service wiki article at the very least
needs rewriting to stress:
- urandom is good enough; try to make your software use that
- don't configure this just because you measure a low entropy pool,
do check exactly what software is blocking on /dev/random
- let us know what software that is
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
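The two checks discussed in this thread (logging the kernel's entropy estimate, and, more usefully, finding out which processes actually have /dev/random open) as one added POSIX shell script. This is an illustrative example, not Robert's logging script nor anything from BitFolk; it assumes the Linux /proc layout (/proc/sys/kernel/random/entropy_avail and /proc/PID/fd symlinks) and takes the proc root as a parameter only so it can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# entropy-check.sh: diagnostic helpers for the "is something blocking on
# /dev/random?" question. Assumes a Linux-style /proc; PROCROOT defaults
# to /proc and can be pointed at a fake tree for testing.

# entropy_avail [PROCROOT]: print the kernel's current entropy estimate.
# Per the thread, this number is not a health metric on its own; it is
# logged here only so the reading can be correlated with blocked readers.
entropy_avail() {
  proc_root="${1:-/proc}"
  cat "$proc_root/sys/kernel/random/entropy_avail"
}

# find_random_readers [PROCROOT]: print "PID COMM FDPATH" for every file
# descriptor in the process table that points at /dev/random. Processes
# holding /dev/urandom are deliberately not reported: they cannot block.
find_random_readers() {
  proc_root="${1:-/proc}"
  for fd in "$proc_root"/[0-9]*/fd/*; do
    [ -L "$fd" ] || continue                    # unreadable or no match
    target=$(readlink "$fd") || continue        # fd closed between glob and readlink
    case "$target" in
      /dev/random) ;;                           # the blocking device: report it
      *) continue ;;                            # anything else, incl. /dev/urandom
    esac
    pid=${fd#"$proc_root"/}; pid=${pid%%/*}
    comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
    printf '%s %s %s\n' "$pid" "$comm" "$fd"
  done
}

# log_loop [PROCROOT] [INTERVAL]: every INTERVAL seconds (default 10),
# print a timestamp, the entropy estimate and the /dev/random readers.
# Run it for a while; a low estimate alongside an empty reader list is
# noise, a populated reader list is the thing worth fixing.
log_loop() {
  proc_root="${1:-/proc}"; interval="${2:-10}"
  while :; do
    printf '%s entropy_avail=%s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$(entropy_avail "$proc_root")"
    find_random_readers "$proc_root" | sed 's/^/  reader: /'
    sleep "$interval"
  done
}

# Only start the loop when invoked with arguments, e.g.:
#   sh entropy-check.sh /proc 10
# (sourcing or running it bare defines the functions and exits).
if [ "$#" -gt 0 ]; then
  log_loop "$@"
fi
```

Run the loop as root (or a user allowed to read other processes' /proc/PID/fd entries); otherwise only your own processes are visible and a blocked daemon such as a key-generating service would be missed. The reader list, not the entropy number, is what decides whether an entropy service is worth configuring.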