title: entropy is like vitamin D link: https://onemoretech.wordpress.com/2012/07/01/entropy-is-like-vitamin-d/ author: lembobro description: post_id: 2965 created: 2012/07/01 19:43:05 created_gmt: 2012/07/01 23:43:05 comment_status: closed post_name: entropy-is-like-vitamin-d status: publish post_type: post

entropy is like vitamin D

Well, not precisely. But it is in the sense that as humans need vitamin D, computers need entropy. If you're on Red Hat Enterprise 6 or one of its clones, here's how to get your daily requirement. I got into this when going through all my enabled, disabled and dead daemons and noticed that rndg was disabled. Before bothering to check what it was, I did a "service rngd start" and got back:

Starting rngd: can't open entropy source(tpm or intel/amd rng)
Maybe RNG device modules are not loaded

That led me to Google around for that error text, taking me here, a mail list post that referred me here. The writer there explained that entropy, really random numbers, are used in a variety of different computer operations, from very low to very high security. Among the highest security are functions that generate cryptographic keys, whose product is used to encrypt data that may need to remain secure for years against fairly sophisticated methods of attack. For these higher security functions simple random number generation based on the system date won't cut it. Something more substantial is needed. Quoting from the post:

Generating true entropy in a computer is fairly difficult because nothing, outside of quantum physics, is random. The Linux kernel uses keyboard, mouse, network, and disc activities, with a cryptographic algorithm (SHA1), to generate data for the /dev/random device. One of the problems with this is that the input is not constant, so the kernel entropy pool can easily become empty.

One solution to the problem is creating a /dev/urandom device. As the author says:

The /dev/urandom device is referred to as a pseudo-random device (like-random), although /dev/random is also pseudo-random but to a lesser extent. /dev/urandom uses small amounts of data from /dev/random to seed a secondary entropy pool. This has the effect of inflating the real entropy so it can be conserved.

At this point you are probably asking yourself, "How do I get this /dev/urandom thing?" Well, one solution is to install and configure rngd ("Random Number Generator Daemon"). The first part is easy, just a simple "yum install rngd" (if it isn't already there). Config is also not a big deal. Just open up /etc/sysconfig/rngd and make it look like this:

# Add extra options here
EXTRAOPTIONS="-r /dev/urandom"

Then do a "service rngd start", and make sure it's enabled on startup by doing a "chkconfig rngd on".

Copyright 2004-2019 Phil Lembo