Hello,

On Mon, Jun 07, 2010 at 08:18:09PM +0300, Ander Punnar wrote:
> I checked a few of my servers and... how low is low?

I reckon that under 200 bytes for anything more than a few seconds
is not great. But to put this in perspective, all that happens is
that things block when they need entropy that isn't there. Nothing
should really break, except in extreme circumstances.

Anecdotally I have heard that gnutls (which is replacing OpenSSL in
many packages, particularly in Debian) is a lot hungrier for entropy
than OpenSSL. People have reported to me (for example) that their
mail servers are sometimes unable to open a TLS connection, or their
gnupg is unable to generate a key.

> Is it related to load?

Not really, except where the load is requiring entropy. Creating a
process requires 32-64 bytes of entropy, generating a session key
will require some, setting up an SSL connection will require more,
etc. etc.

> Lowest free entropy count I got from machine with average load 0.1 and
> highest from machine with load over 4 and 5.

A lot of loads do things that *generate* entropy, so we can see in
the second part of my posting that left to itself, urquell actually
has less entropy than the other hosts merely because it's idle. If
your work load is generating a lot of hardware interrupts then the
host should get more entropy.

Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
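
An added example, not part of the original message: one way to turn the rule of thumb above (a reading under 200 for more than a few seconds) into a check over sampled `entropy_avail` values. The function names, the 3-second reading of "a few seconds" and the sample readings are assumptions made for this illustration; the threshold is compared against the counter exactly as the kernel reports it.

```python
import time
from pathlib import Path

# Linux only; proc(5) documents this counter in bits.
ENTROPY_AVAIL = Path("/proc/sys/kernel/random/entropy_avail")

# Constructed samples: (seconds since start, entropy_avail reading).
SAMPLES = [(0, 3100), (1, 180), (2, 900), (3, 150), (4, 120),
           (5, 90), (6, 140), (7, 2500), (8, 60)]


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current pool estimate as an integer."""
    return int(Path(path).read_text().strip())


def sustained_low(samples, threshold=200, min_seconds=3.0):
    """Return (start, end, lowest) for every run of consecutive readings
    below `threshold` that spans at least `min_seconds`."""
    runs, start, last, lowest = [], None, None, None

    def close_run():
        if start is not None and last - start >= min_seconds:
            runs.append((start, last, lowest))

    for ts, value in samples:
        if value < threshold:
            if start is None:
                start, lowest = ts, value
            last, lowest = ts, min(lowest, value)
        else:
            close_run()  # a healthy reading ends the current run
            start = None
    close_run()  # the capture may end while still low
    return runs


def watch(duration=10.0, interval=1.0, **kwargs):
    """Poll the live counter for `duration` seconds, then report low runs."""
    samples, t0 = [], time.monotonic()
    while (now := time.monotonic()) - t0 <= duration:
        samples.append((now - t0, read_entropy_avail()))
        time.sleep(interval)
    return sustained_low(samples, **kwargs)


if __name__ == "__main__":
    for start, end, lowest in watch():
        print(f"low for {end - start:.0f}s, minimum {lowest}")
```

On the constructed samples, the single dip at second 1 and the dip at the end of the capture are ignored; only the run from second 3 to second 6 is reported.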