search for: haveg

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using HAVEGE on those systems. Is this the case with KVM's counters? PS. I will be setting VM CPU...

...nto one and it drops back to 30! for a few minutes. Sigh. >> >> Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180. >> >> I installed rng-tools and no change. Does anyone here know how to improve the random entropy? > > http://issihosts.com/haveged/ > > EPEL: yum install haveged WOW!!! installed, enabled, and started. Entropy jumped from ~130 bits to ~2000 bits thanks Note to anyone running a web server, or creating certs. You need entropy. Without it your keys are weak and attackable. Probably even known already.

Martin Kletzander: > On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: >> Hello. I'm a distro maintainer and was wondering about the efficacy of >> entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the >> authors of haveged [0] pointed out if the hardware cycles counter is >> emulated and deterministic, and thus predictible. He therefore does not >> recommend using HAVEGE on those systems. Is this the case with KVM's >> coun...

I am use to low random entropy on my arm boards, not an intel. On my Lenovo x120e, cat /proc/sys/kernel/random/entropy_avail reports 3190 bits of entropy. On my armv7 with Centos7 I would get 130 unless I installed rng-tools and then I get ~1300. SSH into one and it drops back to 30! for a few minutes. Sigh. Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180.

On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: > Hello. I'm a distro maintainer and was wondering about the efficacy of > entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the > authors of haveged [0] pointed out if the hardware cycles counter is > emulated and deterministic, and thus predictible. He therefore does not > recommend using HAVEGE on those systems. Is this the case with KVM's > counters? > >...

...ps back to 30! for a few minutes. Sigh. >>>> Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180. >>>> >>>> I installed rng-tools and no change. Does anyone here know how to improve the random entropy? >>> http://issihosts.com/haveged/ >>> >>> EPEL: yum install haveged >> WOW!!! >> >> installed, enabled, and started. >> >> Entropy jumped from ~130 bits to ~2000 bits >> >> thanks >> >> Note to anyone running a web server, or creating certs. You need >&g...

...77b157af82c at htt-consult.com>, >>>>> Robert Moskowitz <rgm at htt-consult.com> wrote: >>>>>> On 05/26/2017 08:35 PM, Leon Fauster wrote: >>>>>> drops back to 30! for a few minutes. Sigh. >>>>>>> http://issihosts.com/haveged/ >>>>>>> >>>>>>> EPEL: yum install haveged >>>>>> WOW!!! >>>>>> >>>>>> installed, enabled, and started. >>>>>> >>>>>> Entropy jumped from ~130 bits to ~2000 bits &gt...

...le <792718e8-f403-1dea-367d-977b157af82c at htt-consult.com>, >>> Robert Moskowitz <rgm at htt-consult.com> wrote: >>>> On 05/26/2017 08:35 PM, Leon Fauster wrote: >>>> drops back to 30! for a few minutes. Sigh. >>>>> http://issihosts.com/haveged/ >>>>> >>>>> EPEL: yum install haveged >>>> WOW!!! >>>> >>>> installed, enabled, and started. >>>> >>>> Entropy jumped from ~130 bits to ~2000 bits >>>> >>>> thanks >>>> &...

On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: >Hello. I'm a distro maintainer and was wondering about the efficacy of >entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the >authors of haveged [0] pointed out if the hardware cycles counter is >emulated and deterministic, and thus predictible. He therefore does not >recommend using HAVEGE on those systems. Is this the case with KVM's >counters? > I don...

...f403-1dea-367d-977b157af82c at htt-consult.com>, >>>> Robert Moskowitz <rgm at htt-consult.com> wrote: >>>>> On 05/26/2017 08:35 PM, Leon Fauster wrote: >>>>> drops back to 30! for a few minutes. Sigh. >>>>>> http://issihosts.com/haveged/ >>>>>> >>>>>> EPEL: yum install haveged >>>>> WOW!!! >>>>> >>>>> installed, enabled, and started. >>>>> >>>>> Entropy jumped from ~130 bits to ~2000 bits >>>>> >>&g...

Hi, from time to time the IMAP login times out ... my external monitoring says "connection reset by peer (SSL)" and Thunderbird tries to connect forever. After a short while everything returns back to normal operation. The system resources are plenty, there are no error messages and no greedy background tasks running. I read a little about tweaking imap-login - but all the default

Hello list we encounter a weird SSL issue with one of our dovecot (2.2.24 on Centos6) which we can only explain if our assumtion is correct Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client The thing we do not understand is that in the same time imap connections with starttls are just 1s. We can see that entropy on the

...Regards, > > > > Axel > > > > It should either block or fail to start. I personally like the idea of > blocking so it starts up successfully. > > Have you tried installing an entropy daemon or something to provide more > entropy? I've seen people suggest haveged before. > > On a side note.. I thought you want to call getrandom() after forking > otherwise all children have the same rng sequence. > Entropy daemon is very recommended for your server in any case, otherwise you'll have lots of trouble with SSL. Aki

...r influences we are unaware of - seems like a huge big hole. With the advent of SSL/TLS being mandated by google et al, every device needs access to entropy. >>> The challenge is this is so system dependent. Some are just fine with stock install. Others need rng-tools. Still others need haveged. If Redhat were to do anything, it would be to stop making the default cert during firstboot. Rather spin off a one-time process that would wait until there was enough entropy and then create the default cert. Thing is I can come up with situations were that can go wrong. >>> >&gt...

...her influences we are unaware of - seems like a huge big hole. With the advent of SSL/TLS being mandated by google et al, every device needs access to entropy. > > The challenge is this is so system dependent. Some are just fine with stock install. Others need rng-tools. Still others need haveged. If Redhat were to do anything, it would be to stop making the default cert during firstboot. Rather spin off a one-time process that would wait until there was enough entropy and then create the default cert. Thing is I can come up with situations were that can go wrong. > > There are...

...en I get ~1300. SSH into one and it drops back to 30! for a few minutes. Sigh. > > Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180. > > I installed rng-tools and no change. Does anyone here know how to improve the random entropy? http://issihosts.com/haveged/ EPEL: yum install haveged -- LF

...0! for a few minutes. Sigh. > >> > >> Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180. > >> > >> I installed rng-tools and no change. Does anyone here know how to improve the random entropy? > > > > http://issihosts.com/haveged/ > > > > EPEL: yum install haveged > > WOW!!! > > installed, enabled, and started. > > Entropy jumped from ~130 bits to ~2000 bits > > thanks > > Note to anyone running a web server, or creating certs. You need > entropy. Without it your keys a...

...icle <792718e8-f403-1dea-367d-977b157af82c at htt-consult.com>, >> Robert Moskowitz <rgm at htt-consult.com> wrote: >>> >>> On 05/26/2017 08:35 PM, Leon Fauster wrote: >>> drops back to 30! for a few minutes. Sigh. >>>> http://issihosts.com/haveged/ >>>> >>>> EPEL: yum install haveged >>> WOW!!! >>> >>> installed, enabled, and started. >>> >>> Entropy jumped from ~130 bits to ~2000 bits >>> >>> thanks >>> >>> Note to anyone running...

Hi, [Steffen Kaiser] - [2016-07-26 09:05] >>>> I am running a dovecot server and have set up an external >>>> monitoring, where every five minutes a login with SSL on port >>>> 993 is done. I usually get once a day an error "connection >>>> reset by peer - SSL connect", which goes away until the next >>>> monitor is executed.

On 2019-03-08 18:40, Stephan Bosch via dovecot wrote: > Since you're compiling it anyway, maybe you should first try to increase > the CLIENT_PROGRESS_TIMEOUT in src/lib-http/test-http-payload.c. It is > currently 10 seconds. I've increased the value to 30. This worked. No more timeout. However, I also tried to link dovecot against a self compiled dynamic openssl 1.1.1 and in