On Thu, Jul 11, 2019 at 05:12:03PM +0300, Reco wrote:
> On Thu, Jul 11, 2019 at 12:03:53PM +0000, Andy Smith wrote:
> > I think the wiki article at
> > https://wiki.debian.org/BoottimeEntropyStarvation really shows that
> > currently there is no such consensus available, as every solution
> > listed (except buying extra entropy hardware)
>
> That one is bad too.
> Hardware random generator is not used by kernel directly, it requires
> userspace program (such as hwrngd).
> So, even if you put it into initrd alongside with the needed kernel
> modules, there's still a noticeable delay between 'kernel rng is needed'
> and 'sufficient entropy is available'.

With no modifications and RDRAND instruction disabled, a Debian
buster VM I just created gets to crng: done in 49 seconds.

By adding the userspace daemon for EntropyKey, it gets there in 10
seconds.

Allowing RDRAND it gets there in 2 seconds.

I haven't tested it with my OneRNG devices yet. I suspect I could
also make the EntropyKey daemon start sooner if I tried.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
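
To repeat this kind of measurement on another host, the kernel log can be checked for when the CRNG became ready and which processes read from it before that point. This is an added example, not part of the original message; the `random:` message wording is assumed from Linux 4.x kernels, and the log lines and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Message formats assumed from Linux 4.x drivers/char/random.c; other kernel
# versions may word them differently.
LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+random: (?P<msg>.*)$")
EARLY_READ = re.compile(
    r"^(?P<proc>.+?): uninitialized urandom read \((?P<n>\d+) bytes read\)")

# Constructed sample of `dmesg` output (not taken from the thread).
SAMPLE = """\
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro
[    1.204511] random: fast init done
[    2.913377] random: systemd: uninitialized urandom read (16 bytes read)
[    2.913402] random: systemd: uninitialized urandom read (16 bytes read)
[    4.100219] random: sshd: uninitialized urandom read (32 bytes read)
[   31.402118] random: crng init done
[   31.402130] random: 3 urandom warning(s) missed due to ratelimiting
"""

def audit_boot_entropy(dmesg_text):
    """Return (seconds until 'crng init done' or None, bytes read early per process)."""
    ready_at = None
    early = Counter()
    for line in dmesg_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a timestamped 'random:' line
        msg = m["msg"]
        if msg.startswith("crng init done"):
            ready_at = float(m["ts"])
            break  # reads after this point are fully seeded
        r = EARLY_READ.match(msg)
        if r:
            # This process consumed output before the CRNG was initialised.
            early[r["proc"]] += int(r["n"])
    return ready_at, early

if __name__ == "__main__":
    ready_at, early = audit_boot_entropy(SAMPLE)
    print("crng ready at:",
          "not seen in this log" if ready_at is None else f"{ready_at:.1f}s")
    for proc, nbytes in early.most_common():
        print(f"  {proc}: {nbytes} bytes read before the CRNG was initialised")
```

On a live system the input would be the output of `dmesg` or `journalctl -k` rather than the embedded sample.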

