Speed up & secure cloud servers with more Entropy


In Linux, entropy refers to randomness that is generated by a virtual random number generator, which in turn draws its data mostly from interactions with physical devices like keyboards and mice. Many programs, services and functions in Linux rely on randomness to work. In particular, servers that handle a lot of SSL traffic may run out of entropy; that is, the random number generator becomes exhausted and has no more random data to serve until more is generated. When this happens, every program requesting entropy is delayed, so the system can become far less responsive. For cloud servers that may require lots of entropy but have no physical devices, this can become a large problem!

Thankfully, there is a very simple solution. Haveged is a simple entropy daemon that generates random data based on processor flutter. It requires very few resources to run, and will "fill up" the random number pool when it reaches 1024, which is more than ample for all but extremely heavy systems.

On CentOS 6 and CentOS 7 systems, we can install haveged and ensure it starts again after a reboot by running the following commands over SSH:

sudo yum install epel-release -y
sudo yum install haveged -y
sudo service haveged restart
sudo chkconfig haveged on

After haveged is installed, we can immediately see that the level of available entropy on cloud servers is consistently higher than before. Rarely will we see the level of entropy drop below 1000. We can check the level of entropy available with the following command:

cat /proc/sys/kernel/random/entropy_avail
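
A single reading says little about whether the pool dips under load, so the following added example (not part of the original article) samples the same file several times and counts readings below the 1000 level mentioned above. The function name entropy_stats, its optional file argument and the "check" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: sample the kernel's entropy estimate several times and
# count how many readings fall below a threshold.

# entropy_stats SAMPLES INTERVAL THRESHOLD [FILE]
#   FILE defaults to the path used in the article; the optional argument is
#   an assumption of this example so the check can read a constructed file.
# Prints: min=<n> max=<n> avg=<n> low=<count>
# Returns 0 if no sample was below THRESHOLD, 1 if any was, 2 on bad input.
entropy_stats() {
    samples=$1; interval=$2; threshold=$3
    file=${4:-/proc/sys/kernel/random/entropy_avail}
    min=; max=0; sum=0; low=0; i=0
    [ "$samples" -gt 0 ] 2>/dev/null || return 2
    while [ "$i" -lt "$samples" ]; do
        read -r val < "$file" || return 2
        # Reject anything that is not a plain non-negative integer.
        case $val in ''|*[!0-9]*) return 2 ;; esac
        if [ -z "$min" ] || [ "$val" -lt "$min" ]; then min=$val; fi
        if [ "$val" -gt "$max" ]; then max=$val; fi
        if [ "$val" -lt "$threshold" ]; then low=$((low + 1)); fi
        sum=$((sum + val))
        i=$((i + 1))
        # Pause between samples, but not after the last one.
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    echo "min=$min max=$max avg=$((sum / samples)) low=$low"
    if [ "$low" -eq 0 ]; then return 0; else return 1; fi
}

# Run only when called with "check": 10 samples, 1 second apart, using the
# article's figure of 1000 as the threshold.
if [ "${1:-}" = "check" ]; then
    entropy_stats 10 1 1000 || echo "WARNING: entropy fell below 1000" >&2
fi
```

Running it before and after installing haveged, ideally while the server is busy, shows whether the minimum actually stays above 1000. Newer kernels size the pool differently, so this threshold applies to the CentOS 6 and CentOS 7 kernels covered here.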
