Speed up & secure cloud servers with more Entropy

In Linux, entropy refers to randomness that is generated by a virtual random number generator, which in turn derives its data mostly from interactions with physical devices such as keyboards and mice. Many programs, services and functions in Linux rely on this randomness. In particular, servers that handle a lot of SSL traffic may run out of entropy; that is, the random number generator is exhausted and has no random data left to serve until more is generated. When this happens, every process requesting entropy is delayed, so the system can become far less responsive. For cloud servers that may require lots of entropy but do not have physical devices, this can become a large problem!

Thankfully, there is a very simple solution. Haveged is a simple entropy daemon that generates random data based on processor flutter. It requires very few resources to run, and will "fill up" the random number pool when it reaches 1024, which is more than ample for all but extremely heavy systems.

On CentOS 6 and CentOS 7 systems, we can install haveged and ensure it runs after reboot by running the following commands in SSH:

sudo yum install epel-release -y
sudo yum install haveged -y
sudo service haveged restart
sudo chkconfig haveged on

After haveged is installed, we can immediately see the level of entropy available is consistently higher on cloud servers than previously. Rarely will we see the level of entropy drop below 1000. We can check the level of entropy available with the following command:

cat /proc/sys/kernel/random/entropy_avail
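
A sampling check built on the entropy_avail file shown above, as an added example that is not part of the original article: it takes several readings and warns if the lowest one falls under a threshold such as the 1000 level mentioned here. The function names, the ENTROPY_FILE override and the Nagios-style exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sample the kernel entropy counter and flag dips.
# ENTROPY_FILE is overridable (assumption of this example) so the check
# can be pointed at a constructed file; the default is the article's path.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# read_entropy: print the current counter; fail if unreadable or non-numeric.
read_entropy() {
    [ -r "$ENTROPY_FILE" ] || return 2
    val=$(tr -d ' \n' < "$ENTROPY_FILE")
    case "$val" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$val"
}

# min_entropy SAMPLES INTERVAL: print the lowest of SAMPLES readings,
# taken INTERVAL seconds apart. A single reading hides short dips.
min_entropy() {
    samples=$1; interval=$2; min=''; i=0
    while [ "$i" -lt "$samples" ]; do
        cur=$(read_entropy) || return 2
        if [ -z "$min" ] || [ "$cur" -lt "$min" ]; then min=$cur; fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    printf '%s\n' "$min"
}

# check_entropy THRESHOLD [SAMPLES] [INTERVAL]
# Returns 0 (OK), 1 (WARNING: a reading fell below THRESHOLD),
# or 3 (UNKNOWN: counter could not be read).
check_entropy() {
    threshold=$1
    low=$(min_entropy "${2:-5}" "${3:-1}") || {
        echo "UNKNOWN: cannot read $ENTROPY_FILE"; return 3; }
    if [ "$low" -lt "$threshold" ]; then
        echo "WARNING: entropy dipped to $low (threshold $threshold)"
        return 1
    fi
    echo "OK: lowest entropy reading $low (threshold $threshold)"
}

# Run only when arguments are given, e.g.: sh check_entropy.sh 1000 10 1
if [ "$#" -ge 1 ]; then check_entropy "$@"; exit $?; fi
```

Run it from cron or a monitoring agent before and after installing haveged to confirm that the pool stays above the chosen threshold under real load.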