haveged

Language: en

Version: 364255 (ubuntu - 25/10/10)

Section: 8 (Administrator commands)

NAME

haveged - Feed kernel random device

SYNOPSIS

haveged [options]

DESCRIPTION

The hardware events that are the ultimate source of any random number sequence are pooled by the /dev/random device for later distribution via the device interface. The standard mechanism for harvesting randomness for the pool may not be sufficient to meet demand, especially on those systems with high needs or limited user interaction.

The HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm harvests the indirect effects of hardware events on processor state (caches, branch predictors, memory translation tables, etc.) rather than attempting to extract randomness from individual events. The effects of interrupt service on processor state are visible from userland as timing variations in program execution speed. Using code designed to mostly fill the instruction cache, a data area occupying a large portion of the processor's data cache, and with the processor time stamp counter as the data input, it is possible to construct a calculation that will reliably generate a random sequence even on an "idle" system.

Haveged is a daemon that uses HAVEGE to maintain a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in /dev/random falls below the low water mark of the device. The principal inputs to haveged are the sizes of the processor instruction and data caches used to set up the HAVEGE collector. The haveged default is a 4kb data cache and a 16kb instruction cache. On machines with a cpuid instruction, haveged will attempt to select appropriate values from internal tables.

Although CISC architectures appear insensitive to tuning parameters, there is no guarantee that manual tuning of the daemon will not be required under some circumstances. The output of the HAVEGE random number generator should be verified on every installation before the daemon is put into production.

OPTIONS

-d nnn, --data=nnn
Set data cache size to nnn KB. Default is 16 or as determined by cpuid.
-f file, --file=file
Set sample output file path - default is "sample"
-i nnn, --inst=nnn
Set instruction cache size to nnn KB. Default is 16 or as determined by cpuid.
-r n, --run=n
Set run level 0=daemon,1=config info,>1=Write <r>KB sample file
-v n, --verbose=n
Set output level 0=minimal,1=config/fill items
-w nnn, --write=nnn
Set write_wakeup_threshold to nnn bits
-?, --help
This summary of program options.
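
One way to carry out the verification the DESCRIPTION asks for, as an added example that is not part of haveged: the Python script below runs the FIPS 140-2 monobit, poker and long-run tests over each 20,000-bit block of a sample file such as one written with -r and -f. The choice of tests and the function names are assumptions made here; the man page does not prescribe a method.

```python
import sys
from itertools import groupby

BLOCK = 2500  # bytes per test block: the FIPS 140-2 tests work on 20,000 bits


def check_block(block):
    """Return pass/fail for the monobit, poker and long-run tests."""
    bits = "".join(f"{b:08b}" for b in block)
    ones = bits.count("1")
    # Poker: chi-square statistic over the 5,000 four-bit nibbles.
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    poker = 16 / 5000 * sum(c * c for c in counts) - 5000
    # Long run: longest stretch of identical consecutive bits.
    longest = max(len(list(g)) for _, g in groupby(bits))
    return {
        "monobit": 9725 < ones < 10275,
        "poker": 2.16 < poker < 46.17,
        "long_run": longest < 26,
    }


def check_sample(data):
    """Test every full block; return (blocks_tested, blocks_failed)."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    failed = sum(1 for blk in blocks if not all(check_block(blk).values()))
    return len(blocks), failed


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # e.g. the file named with -f
            data = fh.read()
    else:
        # Constructed input so the script runs without a sample file:
        # a byte counter (passes, yet is fully predictable) followed by
        # a stuck-at-zero block (fails all three tests).
        data = bytes(i % 256 for i in range(BLOCK)) + bytes(BLOCK)
    tested, failed = check_sample(data)
    print(f"{tested} blocks tested, {failed} failed")
    sys.exit(1 if failed or tested == 0 else 0)
```

Passing these tests is a sanity check, not proof of unpredictability: the constructed byte counter passes all three, so a failure is meaningful while a pass only rules out gross faults.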

DIAGNOSTICS

The following diagnostics may be issued to stderr upon termination:

Cannot fork into the background
Call to daemon(3) failed.
Cannot open file <s> for writing.
Could not open sample file <s> for writing.
Cannot write data in file:
Could not write data to the sample file.
Couldn't get poolsize.
Unable to read /proc/sys/kernel/random/poolsize
Couldn't initialize HAVEGE rng
Invalid data or instruction cache size.
Couldn't open random device
Could not open /dev/random for read-write.
Couldn't query entropy-level from kernel: error
Call to ioctl(2) failed.
Couldn't open PID file <path> for writing
Error writing /var/run/haveged.pid
Fail:set_watermark()
Unable to write to /proc/sys/kernel/random/write_wakeup_threshold
RNDADDENTROPY failed!
Call to ioctl(2) to add entropy failed
Select error
Call to select(2) failed.

AUTHOR

Gary Wuertz <gary@issiweb.com>

SEE ALSO

http://www.issihosts/haveged/