[Ach] Fwd: Re: Recomendation on haveged in Bettercrypto chapter 3.3.3

Manuel Kraus ach at lsd.is
Wed Apr 29 18:02:21 CEST 2015


Sorry, reposting, because used wrong address the last time.


---

I admit the use of haveged for my mailserver to support fast and lag
free session key generation for TLS.

After several randomness tests with "ent" [1], seeing the very good
quality of randomness, I was sure to do the absolutely right thing with
it. Having around 3000 bits of very good randomness at any time without
blocking was quite tempting.

I don't see any resource hog in it so far. The mail machine runs for
around 266 days now and the haveged process is at around 30 minutes.

Additionally I felt great difference of wait time on generating large
RSA keys with and without haveged on my stand alone private key
generation box.

I'm not very sure yet, why this personal experiences are outweighed by
some other points currently made here...



Am 29.04.2015 um 15:23 schrieb Aaron Zauner:

> Please don't use haveged.



Manuel


[1] http://www.fourmilab.ch/random/



-- 
http://lsd.is
https://www.xing.com/profile/Manuel_Kraus17






More information about the Ach mailing list