I am thinking my entropy level may be low?
$ cat /proc/sys/kernel/random/entropy_avail I am around 132-178 on average. Pool size is default 4096 (this is a container on a virtualizer by the way).
I also have ran:
$ cat /dev/urandom | rngtest -c 1000 and got:
rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 999 rngtest: FIPS 140-2 failures: 1 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 1 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=26.272; avg=628.845; max=19073.486)Mibits/s rngtest: FIPS tests speed: (min=73.928; avg=108.740; max=130.640)Mibits/s rngtest: Program run time: 206182 microseconds Also ran it on random and it took about forever to run, I cancelled it at about 5 minutes:
^Crngtest: bits received from input: 25432 rngtest: FIPS 140-2 successes: 1 rngtest: FIPS 140-2 failures: 0 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 0 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=100.736; avg=100.736; max=100.736)bits/s rngtest: FIPS tests speed: (min=127.157; avg=127.157; max=127.157)Mibits/s rngtest: Program run time: 255516440 microseconds You hardcore OS guys - does this mean anything to you, and could this possibly be the problem of my slower SASL auth's as described in the bug: https://issues.kolab.org/show_bug.cgi?id=5219
NOTE: This is CentOS 6 by the way.
I have tried installed haveged as others have written articles about it, but I tried and the process instantly dies and tells me the subsystem is locked.
I'm not sure where to go from here.. I don't really have the ability to plug in a USB key as others have described either. And like I said, havaged starts, but quickly died.
The reason I need this entropy higher is simply because I am running a mail server that communicates over TLS a TON based on how our webmail is built. (SASL, Cyrus setup).
EDIT 1:
I installed haveged:
$ yum install haveged But when I go to start the process it instantly dies:
Process is dead but sub system is locked Of course I did my research and found no answers why this is happening. I do see that the lock file is there. I've tried deleting it and restarting the service and that did nothing. I also do not see a PID file in var/run.
I installed this from the standard repos with CentOS which I assume work since yum installed it fine.
EDIT 2:
How would I go about having SASL/Cyrus use urandom instead of random if I can't generate higher entropy of my random pools on a container?
/dev/random. You should be using/dev/urandomfor almost everything.