我們的熵非常低(HTTPS apache 伺服器,Ubuntu 12.04,不是虛擬機,硬體:使用 Lenovo ThinkCentre M58):
root@server:~# cat /proc/sys/kernel/random/entropy_avail
417
root@server:~#
我們需要更多的隨機性,所以:
root@server:~# apt-get install rng-tools
... ok!
但開始時:
root@server:~# service rng-tools start
Starting Hardware RNG entropy gatherer daemon: (failed).
root@server:~#
配置是預設的:
root@server:~# egrep -v '^$|^#' /etc/default/rng-tools
root@server:~#
用手嘗試:
root@server:~# /usr/sbin/rngd
can't open /dev/hwrng: No such device
root@server:~#
11:29 是我們安裝 rng-tools 的時候:
root@server:~# ls -lah /dev/hwrng
crw------- 1 root root 10, 183 jan 6 11:29 /dev/hwrng
root@server:~#
嘗試追蹤:
root@server:# strace /usr/sbin/rngd 2>&1 | grep hwrng
open("/dev/hwrng", O_RDONLY|O_LARGEFILE) = -1 ENODEV (No such device)
write(2, "can't open /dev/hwrng: No such d"..., 37can't open /dev/hwrng: No such device) = 37
root@server:#
問題: 如何讓「/dev/hwrng」與 rngd 一起工作?還是我們的硬體不好?或缺少某些 BIOS 設定?如何在不停機的情況下解決/檢查?
答案1
apt-get install haveged
和:
user@server:~$ cat /proc/sys/kernel/random/entropy_avail
2417
user@server:~$