How to gather in a safe, cheap and easy way high quality entropy on a Linux machine? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers. Closed 2 years ago. When no radioactive decay is available and good entropy is strongly advised for security reasons you experience a real problem. … Read more

How to get enough entropy into Docker containers?

Whenever I cat /proc/sys/kernel/random/entropy_avail inside my Docker containers (Linux 5.10 based), I get a double-digit result, which is apparently laughably low. Supposedly anything below 4 digits is bad, and keeping it close to 4096 (the max) is ideal. I’ve read about an entropy-gathering daemon called haveged, but it is supposedly obsolete since Linux kernel 5.6, … Read more

Can SSL/TLS deplete the entropy pool of my server?

I tried to gain a bit of understanding about how SSL/TLS works and had a look at the TLS handshake in TLS 1.2 and TLS 1.3, and where random numbers from the server come into play there. Since every TLS request will have a cost in terms of entropy, because cryptographic keys need to be … Read more

What’s the difference between random number input device versus output device?

The man page for rngd on Linux says -o (/dev/random) is used for random number output while -r (/dev/hwrng) for random number input. What does this mean? How do these device files differ and why are they used differently? My understanding is the kernel generates its own random sequences from hardware events and sticks … Read more

Windows server 2008R2: Monitoring the amount of available entropy

Is there any simple way of monitoring the amount of available entropy (random data) on Windows? I’m using Windows server 2008R2 and apache+ssl on vmware, and I’m a bit worried about starving the entropy pool. On Linux, this is available via /proc/sys/kernel/random/entropy_avail

Answer: Windows has always enough entropy in PRNG. Question is quality of this … Read more

How EJBCA generate private key

I’m looking for the method used by EJBCA to generate the private keys in general (CA, Sub-Ca, certificates…). Let's say for instance you want RSA 2048 key size. Is the generation process all done in EJBCA application? Do they rely on Java EE-based application server random generation (in my case Jboss)? Is there … Read more

Which password entropy for MS-CHAPv2

I am looking at connecting in a reasonably secured way mobiles to an enterprise WiFi network. The current solutions would be user certificates on the mobiles (they are unfortunately exportable) or PEAP-MS-CHAP-v2. PEAP-MS-CHAP-v2 is vulnerable to offline bruteforce attacks, I am therefore trying to estimate the required entropy of passwords in three scenarios: pure bruteforce … Read more

Feeding the kernel's entropy source from other machines and/or increasing its maximum size

We have had a little trouble with a small box that acts as a VPN end-point and mail relay for our network, caused by the available entropy for /dev/random being too low (which causes TLS connection attempts by exim to fail). The machine doesn’t do anything else, so the normal feed into the entropy pool … Read more