rngd

In his talk at LinuxCon Europe 2012 about random number generation on Linux, H. Peter Anvin strongly advises to run rngd (from rng-tools.

rngd acts as a bridge between a Hardware TRNG (true random number generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel’s PRNG.

About haveged: "So, while I can’t really recommend it, I can’t not recommend it either." If you are going to run HAVEGE, Peter strongly recommended running it together with rngd, rather than as a replacement for it.

Roadmap

How to convince haveged and rngd to play together nicely. Can we just install both and be done with it?

According to H. Peter Anvin’s slides, haveged "can be run in parallel with rngd".

Let’s try that.

Debian package need some care, call for co-maintainer on Debian bug #542599. The package is actually a bit behind the ubuntu one, doesn’t include support for TPM hardware, which is the only one I could try. In a Tails VM, once installed the rngd daemon fail to start given there’s no hardware available.

Feature Branch: feature/5650-rngd

Related issues

Related to #7102
Related to #6116
Related to #7675 (closed)
Related to #7687 (closed)
Related to #11758 (closed)
Related to #17154

Original created by @tails on 5650 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information