[onerng talk] soooo what's the comparison on a commodity system
Paul Campbell
paul at taniwha.com
Thu Jun 11 22:01:44 BST 2015
On Fri, 12 Jun 2015 02:38:15 ba1020 wrote:
> cat /proc/sys/kernel/random/entropy_avail
>
> Moobase plugged in ca 2000
>
> without ca 900
>
> can anyone confirm this or has similar results?
>
> is this the whole gain? I'm a little disappointed or expected more

The kernel has a fixed sized (compiled in and relatively small) entropy pool -
onerng and rngd are set up to feed more data into that pool if it dips below
"full" - I think you're simply seeing a full entropy pool (which is a good
thing) - it can't get any bigger than that because that's the way the kernel
works.

The real test is how fast can you get the kernel entropy pool to refill when
it's being stressed (when programs are sucking data out of /dev/random and
/dev/urandom) - you should be getting ~64kb of entropy/second from your
OneRNG.

A great test is how fast can you pull data from /dev/random (dd-ing it to
/dev/null is an easy way to do this) with or without OneRNG - that will give
you a better idea of how much entropy is available to SSL and other entropy
consumers.

(You use /dev/random here because it will stall when the kernel entropy pool
empties; /dev/urandom will consume entropy just like /dev/random if it's
available, but won't stall and will continue providing data even when the pool
is empty.)

Paul
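
The throughput test described in the message above, as an added example that is not part of the original post: it reads from a random device for a fixed time window and counts the bytes that actually arrived, so stalls show up as a lower rate. The function names, the 64-byte block size, the 5-second default window and the RUN_REPORT switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Run once with OneRNG/rngd feeding the pool and once without, then compare.
# Note: since Linux 5.6, /dev/random only blocks until the kernel RNG is first
# seeded, so a clear difference is expected on older kernels such as the
# 2015-era one discussed here.

POOL=/proc/sys/kernel/random/entropy_avail

# pool_level: print the kernel's current entropy estimate, or "n/a".
pool_level() {
    if [ -r "$POOL" ]; then cat "$POOL"; else echo "n/a"; fi
}

# bytes_in_window DEVICE SECONDS: print how many bytes DEVICE delivered.
# timeout(1) ends the read even if the device stalls; wc -c counts what
# really arrived, so short reads from a draining pool are measured correctly.
bytes_in_window() {
    timeout "$2" dd if="$1" bs=64 2>/dev/null | wc -c | tr -d ' '
}

# read_rate DEVICE SECONDS: print the average rate in bytes per second.
read_rate() {
    total=$(bytes_in_window "$1" "$2")
    echo $(( total / $2 ))
}

# report [DEVICE] [SECONDS]: pool level before, read rate, pool level after.
report() {
    dev=${1:-/dev/random}
    secs=${2:-5}
    echo "pool before: $(pool_level)"
    echo "rate:        $(read_rate "$dev" "$secs") bytes/s from $dev"
    echo "pool after:  $(pool_level)"
}

# Set RUN_REPORT=1 to run the measurement when executing this file.
if [ "${RUN_REPORT:-0}" = 1 ]; then report "$@"; fi
```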