This section is a Work In Progress and may be incomplete or require additional testing and documentation.

Why This Matters

Entropy is unpredictability the kernel collects from events it cannot forecast, chiefly the timing of hardware interrupts (keyboard, mouse, disk and network activity) and, where one is present, a hardware random number generator. It is mixed into the kernel's random number pool, and that pool is what the system draws on for:
  • Generating cryptographic keys
  • Creating secure random numbers
  • SSL/TLS operations
  • SSH key generation
  • Password salt generation
Insufficient entropy weakens every key and nonce drawn from the pool. The classic failure is a freshly installed VM or embedded device generating its SSH host keys or TLS certificate at first boot, before the pool has been seeded: such systems have produced predictable keys, and sometimes identical keys across many devices.

What is rng-tools

The rng-tools package provides the rngd daemon, which reads a hardware random number generator (for example /dev/hwrng, or the CPU's RDRAND instruction) and feeds its output into the kernel's random number pool, the pool that backs /dev/random and /dev/urandom.

Installation and Configuration

1

Install rng-tools

On Debian based systems:
sudo apt-get install rng-tools
2

Configure hardware device

Set the hardware device rngd should read by adding this to /etc/default/rng-tools:
HRNGDEVICE=/dev/hwrng
Or use this command (it appends unconditionally, so check the file first to avoid ending up with two HRNGDEVICE lines):
echo "HRNGDEVICE=/dev/hwrng" | sudo tee -a /etc/default/rng-tools
/dev/hwrng is the kernel's interface to whichever hardware RNG it has a driver for (virtio-rng in a VM, a TPM, an on-board RNG); cat /sys/class/misc/hw_random/rng_current shows which one backs it. Do not set HRNGDEVICE=/dev/urandom: that feeds the kernel's own output back into the kernel pool, which adds no entropy and only inflates the entropy estimate, so the system looks healthy while generating keys from exactly the state it already had.
3

Restart the service

sudo systemctl restart rng-tools.service
4

Verify the service is running

sudo systemctl status rng-tools.service
rngd exits if it cannot open the configured device, so if the unit is not active, read its log with journalctl -u rng-tools.service.
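A complete, re-runnable version of the four steps above, as an added example that is not the page's or the rng-tools project's own code. It assumes a Debian-based host whose rng-tools service reads HRNGDEVICE from /etc/default/rng-tools, as the page states; the candidate device list (only /dev/hwrng) and the sysfs lookup of the hwrng backend are this example's choices. Unlike a blind tee -a, it rewrites an existing HRNGDEVICE line instead of appending a second one, and it refuses to fall back to /dev/urandom when no hardware device is present.

```shell
#!/bin/sh
# Added example, not from the page or the rng-tools project: idempotent
# rng-tools setup on a Debian-based host. Assumes the Debian service reads
# HRNGDEVICE from /etc/default/rng-tools (as the page states).
set -eu

RNG_DEFAULTS=${RNG_DEFAULTS:-/etc/default/rng-tools}
HWRNG_CURRENT=/sys/class/misc/hw_random/rng_current

# set_hrng_device FILE DEVICE
# Rewrite an existing HRNGDEVICE= line or append one. A plain `tee -a`
# appends on every run and leaves conflicting lines behind.
set_hrng_device() {
    file=$1 device=$2
    if [ -f "$file" ] && grep -q '^HRNGDEVICE=' "$file"; then
        sed -i "s|^HRNGDEVICE=.*|HRNGDEVICE=$device|" "$file"
    else
        printf 'HRNGDEVICE=%s\n' "$device" >> "$file"
    fi
}

# get_hrng_device FILE -> prints the configured device (last line wins)
get_hrng_device() {
    sed -n 's/^HRNGDEVICE=//p' "$1" | tail -n 1
}

# choose_hrng_device DEVICE... -> prints the first readable character device
# among the candidates, returns 1 if there is none. It never falls back to
# /dev/urandom: feeding the kernel's own output back into its pool adds no
# entropy, it only inflates the estimate.
choose_hrng_device() {
    for dev in "$@"; do
        if [ -c "$dev" ] && [ -r "$dev" ]; then
            printf '%s\n' "$dev"
            return 0
        fi
    done
    return 1
}

# hwrng_backend [SYSFS_FILE] -> driver behind /dev/hwrng
# (e.g. virtio_rng.0 in a VM, tpm-rng-0 for a TPM, or "none").
hwrng_backend() {
    f=${1:-$HWRNG_CURRENT}
    if [ -r "$f" ]; then cat "$f"; else echo none; fi
}

main() {
    if [ "$(id -u)" -ne 0 ]; then echo "run as root: sudo $0 apply" >&2; exit 1; fi
    apt-get install -y rng-tools                                  # step 1
    backend=$(hwrng_backend)
    if [ "$backend" = none ] || ! dev=$(choose_hrng_device /dev/hwrng); then
        echo "no hardware RNG available (hwrng backend: $backend)." >&2
        echo "Attach virtio-rng (VM) or enable the CPU/TPM RNG; do not point rngd at /dev/urandom." >&2
        exit 1
    fi
    set_hrng_device "$RNG_DEFAULTS" "$dev"                        # step 2
    systemctl restart rng-tools.service                           # step 3
    if systemctl is-active --quiet rng-tools.service; then       # step 4
        echo "rngd is running, reading $dev (backend: $backend)"
    else
        journalctl -u rng-tools.service --no-pager -n 20 >&2
        exit 1
    fi
}

# Only touch the system when explicitly asked: sudo ./rngd-setup.sh apply
if [ "${1:-}" = apply ]; then main; fi
```

Run it as sudo ./rngd-setup.sh apply; the helper functions are also safe to source and call on their own, which is how the test below exercises them against a temporary file.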

Checking Entropy Levels

You can check your current entropy level:
cat /proc/sys/kernel/random/entropy_avail
How to read the number depends on the kernel. Before Linux 5.18 the pool holds up to 4096 bits and the estimate is debited as random bytes are consumed: a value above 1000 is generally good, and below 200 a blocking reader of /dev/random (or getrandom() during early boot) may stall. On Linux 5.18 and later the pool is 256 bits, the estimate only rises while the generator is being seeded and then stays at 256, so the value tells you whether the pool has been seeded and nothing about how "full" it is.
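An added example (not from the page) that reads entropy_avail and interprets it according to the running kernel's accounting model, so the same script gives a sensible verdict on both old and new kernels. It reuses the page's thresholds (1000 good, 200 trouble) for pre-5.18 kernels; the verdict names and the watch loop are this example's choices.

```shell
#!/bin/sh
# Added example (not from the page): read entropy_avail and interpret it
# according to the running kernel's accounting model. The thresholds for
# pre-5.18 kernels are the page's (1000 good, 200 trouble).
set -eu

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}

# kernel_at_least MAJOR MINOR [RELEASE]
# True if RELEASE (default: uname -r, e.g. 5.15.0-91-generic) is >= MAJOR.MINOR.
kernel_at_least() {
    want_major=$1 want_minor=$2
    rel=${3:-$(uname -r)}
    have_major=${rel%%.*}
    rest=${rel#*.}
    have_minor=${rest%%[!0-9]*}   # drop everything from the first non-digit on
    if [ "$have_major" -gt "$want_major" ]; then return 0; fi
    if [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; then return 0; fi
    return 1
}

# classify_entropy AVAIL RELEASE -> ok | low | critical | ready | seeding
# Before 5.18 the pool holds up to 4096 bits and the estimate is debited as
# random bytes are consumed, so the page's thresholds apply. From 5.18 on the
# pool is 256 bits and the estimate only rises to 256 while the generator is
# being seeded, then stays there, so the only question is "seeded yet?".
classify_entropy() {
    avail=$1 rel=$2
    if kernel_at_least 5 18 "$rel"; then
        if [ "$avail" -ge 256 ]; then echo ready; else echo seeding; fi
    elif [ "$avail" -ge 1000 ]; then echo ok
    elif [ "$avail" -ge 200 ]; then echo low
    else echo critical
    fi
}

# check_entropy -> prints "<value> <verdict>" for this host
check_entropy() {
    avail=$(cat "$ENTROPY_FILE")
    printf '%s %s\n' "$avail" "$(classify_entropy "$avail" "$(uname -r)")"
}

# watch_entropy INTERVAL_SECONDS -> one line per sample; Ctrl-C to stop.
# Useful during a load test or right after boot, while first seeding happens.
watch_entropy() {
    while :; do
        printf '%s ' "$(date +%T)"
        check_entropy
        sleep "$1"
    done
}

# ./entropy-check.sh check        one sample
# ./entropy-check.sh watch 5      sample every 5 seconds
if [ "${1:-}" = watch ]; then watch_entropy "${2:-5}"; elif [ "${1:-}" = check ]; then check_entropy; fi
```

The kernel-version branch is the important part: a "low" alert tuned for a 4096-bit pool will fire forever on a 5.18+ kernel, where 256 is the maximum and the normal steady state.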

Testing Randomness

To test the quality of random data:
rngtest -c 1000 < /dev/random
This reads 1000 blocks of 20000 bits each and runs the FIPS 140-2 statistical tests (monobit, poker, runs, long run, continuous run) on them. These tests only catch gross faults such as a stuck or heavily biased source; passing them does not show the output is unpredictable. They also have a small but nonzero false-positive rate, so the occasional failed block in a run of 1000 is normal from a healthy source, while a large share of failed blocks means the source is broken.
For production systems, especially virtualized ones, rngd cannot help if there is no hardware source for it to read. In that case attach a virtio-rng device (the hypervisor backs it with the host's RNG) or run an entropy-gathering daemon such as haveged, instead of or in addition to rng-tools.
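An added example (not from the page) that wraps rngtest so the verdict is machine-readable, tolerates the tests' expected false positives, and shows what a broken source looks like by also running the tests against /dev/zero. rngtest prints its summary on stderr and exits non-zero when any block failed, which the wrapper accounts for; the 1% failure ceiling and the sample report used by the test are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the page): wrap rngtest so the verdict is
# machine-readable, tolerate the tests' expected false positives, and show
# what a broken source looks like. The 1% failure ceiling is a heuristic
# chosen for this example, not a value from rngtest or FIPS 140-2.
set -eu

MAX_FAIL_PCT=${MAX_FAIL_PCT:-1}

# fips_failures REPORT -> the N from "rngtest: FIPS 140-2 failures: N".
# rngtest prints its summary on stderr, so callers capture it with 2>&1.
fips_failures() {
    printf '%s\n' "$1" | sed -n 's/^rngtest: FIPS 140-2 failures: *\([0-9][0-9]*\).*/\1/p'
}

# judge BLOCKS FAILURES MAX_PCT -> pass | fail
# Compare failures*100 against max_pct*blocks to avoid integer-division
# rounding (with 1000 blocks and 1%, 10 failures pass and 11 fail).
judge() {
    blocks=$1 failures=$2 max_pct=$3
    if [ $((failures * 100)) -gt $((max_pct * blocks)) ]; then echo fail; else echo pass; fi
}

# test_source DEVICE BLOCKS -> prints "DEVICE: verdict (F/N blocks failed)",
# returns 0 on pass, 1 on fail. Each block is 20000 bits, so 1000 blocks
# read about 2.5 MB from the device.
test_source() {
    dev=$1 blocks=$2
    # rngtest exits non-zero when any block failed; keep set -e from aborting.
    report=$(rngtest -c "$blocks" < "$dev" 2>&1) || true
    failures=$(fips_failures "$report")
    if [ -z "$failures" ]; then
        echo "$dev: rngtest produced no summary:" >&2
        printf '%s\n' "$report" >&2
        return 1
    fi
    verdict=$(judge "$blocks" "$failures" "$MAX_FAIL_PCT")
    echo "$dev: $verdict ($failures/$blocks blocks failed)"
    [ "$verdict" = pass ]
}

# Constructed sample of an rngtest summary (not captured from a real run),
# used to exercise the parser without touching any device.
SAMPLE_REPORT='rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 1
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0'

main() {
    # A healthy source: the kernel pool. The occasional failed block is normal.
    test_source /dev/random "$1" || :
    # A stuck source: every block is all zeros and fails the monobit test,
    # which is exactly the kind of gross fault these tests exist to catch.
    test_source /dev/zero 10 || :
}

# ./rngcheck.sh run [BLOCKS]
if [ "${1:-}" = run ]; then main "${2:-1000}"; fi
```

Running it with rng-tools installed prints one pass line for /dev/random and a fail line of the form "/dev/zero: fail (10/10 blocks failed)"; the second line is the point of the comparison, since a source that never fails a FIPS block is not thereby proven good, but one that fails most of them is certainly broken.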

Additional Resources

Notes

Virtual Machines

VMs often have low entropy because they see few genuine hardware events. Attach a virtio-rng device (the hypervisor feeds it from the host's RNG and the guest sees it as /dev/hwrng, which rngd can then read), or run haveged, which derives entropy from CPU timing jitter.

Hardware RNG

Modern x86 CPUs have an on-die hardware RNG exposed through the RDRAND (and RDSEED) instructions. rng-tools can use it as a source when available, and the kernel itself already mixes RDRAND output into its pool at boot where the instruction exists.

/dev/random vs /dev/urandom

/dev/urandom is generally recommended: it never blocks on low entropy and, once the pool has been seeded at boot, its output is as strong as /dev/random's. On Linux 5.6 and later /dev/random also stops blocking after that first seeding, so the two behave the same; getrandom(2) with default flags blocks only until the pool is seeded and is the preferred interface for new code, since it avoids the early-boot window in which /dev/urandom will hand out output from an unseeded pool.

Monitoring

Monitor entropy_avail regularly, especially under high load and right after boot, and alert when the rng-tools service is not active. On kernels 5.18 and later the value is fixed at 256 once the pool is seeded, so there the useful signal is the service state and the kernel's "crng init done" log line rather than the number itself.
This section needs additional testing and validation. The configuration above is a starting point but may require adjustments based on your specific system and security requirements.
