[Ach] Recomendation on haveged in Bettercrypto chapter 3.3.3
maciej at soltysiak.com
Wed Apr 29 13:37:51 CEST 2015
First of all thanks to all contributors of Bettercrypto.org - it's great
and I've been using often and promoting it to some people.
I wanted to ask about one recomendation give in chapter 3.3.3 on haveged.
Haveged is suggested for increasing the kernel entropy pool to improve the
Now, I've been using haveged in a few places with success, but I recently
have read something that has changed my view on it. It was this article: 
The author writes quite convincingly that low entropy does not matter; that
there is no count of entropy, but an estimate and given the fact that in
actuality /dev/random and /dev/urandom are fed by the same CSPRNG, the only
difference is that /dev/random blocks and /dev/urandom is - given the
computational security we're aiming to get - a safe bet.
Therefore, when I asked about it  I was suggested that haveged is only a
waste of resources. That made me go back to bettercrypto and think whether
it's good to add a note that haveged is sometimes proposed, but it's not
improving the security of crypto using the RNGs. If you suffer from
/dev/random blocking, use /dev/urandom. Period. No benefit in using
/dev/random and feeding entropy.
Of course, I'm far from being authority, I'm just wearing a sysadmin hat
here and asking around.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ach