Entropy, in simple terms, is the degree of randomness available to a system, and a high level of entropy is desirable. Cryptographic applications may block on a system with low entropy, leading to symptoms such as a slow WLAN connection. Low entropy may also lead to the generation of predictable values in security-related algorithms. It can occur under low workloads, for example on a headless server or on a virtual machine that keeps doing the same tasks.
To check the amount of entropy in a system, run:
$ watch -n .1 cat /proc/sys/kernel/random/entropy_avail
If the value is below 1000, it is time to take corrective measures.
Haveged is an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged maintains a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in /dev/random falls below the low water mark of the device.
To install Haveged on Ubuntu:
$ sudo apt-get install haveged
The rngd daemon acts as a bridge between a hardware TRNG (true random number generator), such as the ones in some Intel/AMD/VIA chipsets, and the kernel’s PRNG (pseudo-random number generator). It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10) tests to verify that it is indeed random, and feeds the random data to the kernel entropy pool. This increases the bandwidth of the /dev/random device, from a source that does not depend on outside activity. It may also improve the quality (entropy) of the randomness of /dev/random.
To install on Ubuntu:
$ sudo apt-get install rng-tools
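To configure, edit the file /etc/default/rng-tools and add one of the following as the last line:
HRNGDEVICE=/dev/urandom
or
HRNGDEVICE=/dev/random
Both of these are kernel devices rather than a hardware TRNG, so with either setting rngd reads kernel output and credits it back to the kernel pool, which raises the reported entropy count without adding randomness from an independent source.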
Finally, restart the daemon:
$ sudo /etc/init.d/rng-tools restart
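The kind of FIPS 140-2 check that rngd is described above as applying to incoming data, as an added example (not rngd's code and not part of the original article): three of the four tests (monobit, poker, long run; the runs test is left out) on one 20,000-bit block. The function names and the three sample blocks are constructed for illustration.

```python
import os

BLOCK_BYTES = 2500  # FIPS 140-2 tests operate on one 20,000-bit block


def monobit(block: bytes) -> bool:
    """Pass if the number of 1 bits X satisfies 9725 < X < 10275."""
    ones = sum(bin(b).count("1") for b in block)
    return 9725 < ones < 10275


def poker(block: bytes) -> bool:
    """Pass if the 4-bit chi-square statistic X satisfies 2.16 < X < 46.17."""
    freq = [0] * 16
    for b in block:
        freq[b >> 4] += 1
        freq[b & 0x0F] += 1
    x = (16 / 5000) * sum(f * f for f in freq) - 5000
    return 2.16 < x < 46.17


def long_run(block: bytes) -> bool:
    """Pass if no run of identical bits is 26 or longer."""
    longest = current = 0
    prev = None
    for b in block:
        for shift in range(7, -1, -1):  # most significant bit first
            bit = (b >> shift) & 1
            current = current + 1 if bit == prev else 1
            longest = max(longest, current)
            prev = bit
    return longest < 26


def fips_check(block: bytes) -> dict:
    """Run the three tests on one block and return {test name: passed}."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly 2500 bytes (20,000 bits)")
    return {"monobit": monobit(block), "poker": poker(block),
            "long_run": long_run(block)}


# Constructed sample inputs (not captured from any real device).
STUCK = bytes(BLOCK_BYTES)            # source stuck at zero: fails all three
ALTERNATING = b"\x55" * BLOCK_BYTES   # 0101...: balanced bits, fails poker only
COUNTER = bytes(i % 256 for i in range(BLOCK_BYTES))  # predictable, passes all three

if __name__ == "__main__":
    for name, data in [("stuck", STUCK), ("alternating", ALTERNATING),
                       ("counter", COUNTER), ("os.urandom", os.urandom(BLOCK_BYTES))]:
        print(f"{name:12} {fips_check(data)}")
```

The counter block passing every test shows what these checks are for: they catch a stuck or grossly biased source, but a pass does not prove that the data carries entropy.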