跳至內容
出自 Arch Linux 中文维基

本文或本節內容已經過時。

原因: 請提供模板的第一個位置參數以概括原因。 (在Talk:Haveged討論)

haveged 項目的目的是提供一個簡單易用的不可預測隨機數生成器,基於 HAVEGE 算法。Haveged 可以解決在某些情況下,系統熵過低的問題。

警告:此程序無法保證熵的質量([1][2]). 如果對安全要求較高,請考慮使用硬體隨機數生成器 rng-tools.

安裝

安裝軟體包 haveged.

啟動啟用服務 haveged.service

檢查當前的熵

要檢查是否需要 Haveged, 使用下面命令查看當前收集到的熵:

# cat /proc/sys/kernel/random/entropy_avail

如果結果比較低 (<1000),建議安裝 haveged. 否則加密程序會等待系統有足夠的熵。例如如果使用軟體熱點,網速會比較慢。

安裝 haveged 之後,可以再次查看系統熵看下有無提升。

其它選擇

Unless you have a specific reason to not trust any hardware random number generator on your system, you should try to use them with the rng-tools first and if it turns out not to be enough (or if you do not have a hardware random number generator available), then use Haveged.

Virtual machines

As discussed at Is it appropriate to use haveged as a source of entropy on virtual machines?, it can be contested whether haveged provides quality entropy within a virtual environment. Haveged relies on the rdtsc instruction, which may be virtualized within a virtual machine resulting in lower quantity entropy. On some hypervisors, it is possible to disable the virtualization of rdtsc, which would in theory allow haveged to provide higher quality entropy.

To disable the virtualization of the rdtsc instruction in VMware ESXi, add the setting monitor_control.virtual_rdtsc = "FALSE" to the virtual machine’s .vmx configuration file. VMware recommends the setting for use when performing measurements that require a precise source of real time in the virtual machine. [3]

參閱