How to increase the entropy pool without using a keyboard or mouse?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
  • rng-tools (RHEL 6 and above)
  • rng-utils (RHEL 5)
  • kernel-utils (RHEL 4)

Issue

  • The system is reporting that there is not enough entropy in the pool for SSL connections and other security-related applications.
  • How can I increase the entropy pool without using a keyboard or mouse?
  • Does the command rngd -r /dev/urandom -o /dev/random really help to resolve the low entropy issue?
  • Is it recommended to replace /dev/random with /dev/urandom in RHEL?
  • Is it advisable to change /dev/random to a softlink to /dev/urandom?

Resolution

If your system does not have a keyboard or mouse, you have several ways to generate entropy.

Preferred method: hardware random number generator

Some system/motherboard chipsets include hardware random number generator devices. The Linux kernel includes drivers such as amd-rng, intel-rng and tpm-rng to support these devices.

Add-on hardware random number generators (hardware-based entropy tools) are available as well. Several manufacturers sell devices for this purpose; a limited comparison of such devices is available on Wikipedia.

Most of these generators register with the kernel's hw_random framework and appear as an alternate device in /dev, usually /dev/hwrng (/dev/hw_random on older releases); /sys/class/misc/hw_random/rng_current names the driver currently backing it. You can use rngd (see below) to copy entropy from /dev/hwrng into /dev/random so that the classical interface keeps working.

Preferred method: direct hardware instructions to processor

Recent Intel processors (and AMD processors from the Zen family onward) can provide randomness directly through the RDRAND and RDSEED instructions. RDRAND returns output from an on-chip deterministic random bit generator; RDSEED returns conditioned samples from the underlying hardware entropy source and is intended for seeding other generators. These are discussed in further detail in Intel's Developer Zone article The Difference Between RDRAND and RDSEED.

Using the instructions from an application means adding assembly or compiler intrinsics (for example _rdrand64_step and _rdseed64_step) and retrying when the instruction reports, via the carry flag, that no value was available. Discuss this with your application developer to see if this is an option for you. Without code changes, rngd from rng-tools in RHEL 7 and later can also use RDRAND as an entropy source and logs Enabling RDRAND rng support when it does; the flags line of /proc/cpuinfo shows whether the CPU advertises rdrand and rdseed.

Preferred method: paravirtual random number generator

Within a KVM virtual machine (RHEL KVM, RHEV, Red Hat OpenStack), a RHEL 7 hypervisor can provide a paravirtual random device (virtio-rng) to a RHEL 6 or RHEL 7 guest. The device is backed by an entropy source on the host, typically the host's /dev/random or /dev/urandom or a host hardware RNG, as configured in libvirt. In the guest it appears as /dev/hwrng through the virtio_rng driver, so the guest's rngd can feed it into the pool like any other hardware RNG.

This is discussed in greater detail on the RHEL Blog in Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy.

Preferred method: CPU timing jitter

The rng-tools-6.3.1-3.el7 package in RHEL 7, and later releases, support a "jitter" entropy source (based on the jitterentropy library) that derives entropy from small, unpredictable variations in CPU execution timing.

Running the rngd daemon will log Enabling JITTER rng support when this feature is in use.

The haveged package from EPEL works in a similar way.
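The probes below are an added example, not part of the original solution: they show how to tell which of the preferred sources a host actually offers and apply the order of preference given above (hardware or paravirtual RNG on /dev/hwrng first, then RDRAND/RDSEED, then CPU jitter). Each probe takes an optional file argument so it can be exercised on constructed sample files; called with no argument it reads the live /proc and /sys entries. The sample cpuinfo text at the bottom is constructed data.

```sh
#!/bin/sh
# Added example (not the solution's own code): probe the entropy sources a
# host can offer and pick one in the order the solution recommends.

# cpu_rng_flags [cpuinfo_file]
# Print the CPU flags relevant to the RDRAND/RDSEED method as one
# space-separated line: "rdrand rdseed", "rdrand", or nothing.
cpu_rng_flags() {
    cpuinfo=${1:-/proc/cpuinfo}
    [ -r "$cpuinfo" ] || return 1
    grep -m1 '^flags' "$cpuinfo" | tr ' ' '\n' \
        | grep -x -E 'rdrand|rdseed' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# hwrng_source [rng_current_file]
# Print the kernel hwrng driver currently backing /dev/hwrng (for example
# "virtio_rng.0", "tpm-rng" or "intel-rng"), or "none" when no hardware RNG
# is registered. Returns 1 in the "none" case.
hwrng_source() {
    current=${1:-/sys/class/misc/hw_random/rng_current}
    name=none
    [ -r "$current" ] && name=$(cat "$current")
    [ -n "$name" ] || name=none
    printf '%s\n' "$name"
    [ "$name" != "none" ]
}

# choose_source "<cpu flags>" "<hwrng name>"
# hwrng  -> run rngd against /dev/hwrng (hardware or virtio-rng device)
# rdrand -> rngd can use RDRAND; RDSEED needs code in the application
# jitter -> rngd jitter source (or haveged) is all that is left
choose_source() {
    flags=$1
    hwrng=$2
    if [ "$hwrng" != "none" ]; then
        echo hwrng
    elif echo " $flags " | grep -q -E ' rd(rand|seed) '; then
        echo rdrand
    else
        echo jitter
    fi
}

# Demonstration on constructed input, so it behaves the same on any host.
# Drop the file arguments to probe the running system instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
processor  : 0
vendor_id  : GenuineIntel
model name : constructed sample CPU
flags      : fpu vme de pse tsc msr pae sse4_2 aes rdrand rdseed
EOF
flags=$(cpu_rng_flags "$sample")
hw=$(hwrng_source /nonexistent/rng_current) || true   # no /dev/hwrng here
echo "cpu flags : $flags"
echo "hwrng     : $hw"
echo "choose    : $(choose_source "$flags" "$hw")"
rm -f "$sample"
```

On a live host, `rngd -l` (rng-tools 6) lists the sources rngd itself detected, which should agree with what the probes report.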

Alternative method: non-blocking entropy source /dev/urandom

The /dev/random and /dev/urandom devices are fed from the same kernel entropy pool. The difference is that /dev/random blocks when the kernel's entropy estimate is exhausted, while /dev/urandom never blocks: it keeps producing output from the pool's cryptographic generator even when no new entropy has arrived, mixing fresh entropy in as it does. (On RHEL 9, whose kernel is newer than 5.6, /dev/random also stops blocking once the pool has been initialized at boot, so the distinction then only matters during early boot.)

There is much discussion in the security community about use of the non-blocking entropy source /dev/urandom. Judging the suitability of this source for your requirements should be done in line with your organization's security policy.

An entropy source can be tested for FIPS 140-2 statistical randomness with the rngtest utility from rng-tools (rng-utils on RHEL 5), which reads the source from standard input and reports how many 20000-bit blocks passed or failed the tests.
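As an added example (not part of the original solution), the script below runs rngtest over a device and interprets its summary. rngtest prints the summary on stderr, so it is merged into the pipe; the parsing is kept separate from the run so it can be checked against a constructed summary. The acceptance rule, no more than 1% failed blocks, is a heuristic chosen here, not a value from rng-tools: a well-behaved source still fails a FIPS 140-2 block occasionally, so a handful of failures per thousand blocks is expected. The summary text at the bottom is constructed data.

```sh
#!/bin/sh
# Added example (not the solution's own code): run rngtest over an entropy
# source and judge the FIPS 140-2 block results.

# rngtest_successes / rngtest_failures < summary
# Pull the block counts out of an rngtest summary read from stdin.
rngtest_successes() {
    sed -n 's/^rngtest: FIPS 140-2 successes: *\([0-9][0-9]*\).*/\1/p'
}
rngtest_failures() {
    sed -n 's/^rngtest: FIPS 140-2 failures: *\([0-9][0-9]*\).*/\1/p'
}

# judge_fips successes failures
# PASS when at most 1% of the tested blocks failed (heuristic chosen for
# this example), FAIL otherwise; returns 1 for FAIL or when nothing ran.
judge_fips() {
    ok=$1
    bad=$2
    total=$((ok + bad))
    if [ "$total" -le 0 ]; then
        echo "no blocks tested"
        return 1
    fi
    if [ $((bad * 100)) -gt "$total" ]; then
        echo "FAIL ($bad of $total blocks failed)"
        return 1
    fi
    echo "PASS ($bad of $total blocks failed)"
}

# test_source device [blocks]
# Read `blocks` 20000-bit blocks from the device through rngtest and judge.
test_source() {
    dev=$1
    n=${2:-1000}
    summary=$(rngtest -c "$n" < "$dev" 2>&1)
    judge_fips "$(printf '%s\n' "$summary" | rngtest_successes)" \
               "$(printf '%s\n' "$summary" | rngtest_failures)"
}

# Demonstration on a constructed summary (no rngtest binary required).
constructed_summary='rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0'
judge_fips "$(printf '%s\n' "$constructed_summary" | rngtest_successes)" \
           "$(printf '%s\n' "$constructed_summary" | rngtest_failures)"
# Live use: test_source /dev/hwrng 1000   (likewise /dev/random, /dev/urandom)
```

Note that passing rngtest says only that the output is statistically well-formed; a deterministic generator seeded from a poor source will pass too, so the test does not substitute for a trustworthy entropy source.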

Non-preferred method: seed randomness source from non-blocking source

NOTE: This method is potentially insecure. This method should only be used when no other source of entropy can be supplied, and software cannot be changed to use an alternative source besides /dev/random.

If adding a hardware number generator is not an option, you can use the rngd daemon to feed the entropy pool.

Start the rngd daemon using following command and monitor the entropy on the system:

# rngd -r /dev/urandom -o /dev/random

# watch -n 1 cat /proc/sys/kernel/random/entropy_avail

NOTE: Seeding /dev/random with data derived from /dev/urandom plays a trick on the kernel's accounting: entropy_avail rises because rngd credits its input as fresh entropy, but no new randomness has entered the system, since the pool is being fed its own output. A software-only feed like rngd reading /dev/urandom is not a proper substitute for a good hardware random number generator. Do not use rngd in this fashion unless you understand and accept this difference.

Additional Notes

In Red Hat Enterprise Linux, the file /proc/sys/kernel/random/poolsize gives the size of the entropy pool.

On RHEL 4, the default value is 512 bytes, but it is changeable, and the choices are 32, 64, 128, 256, 512, 1024, or 2048.

From RHEL 5 through RHEL 8, the size of the entropy pool is always 4096 (bits).

On RHEL 9, the size of the entropy pool is always 256 (bits).

Root Cause

  • Random numbers are a cryptographic primitive - a building block for cryptographic protocols. For example, in SSL connections, the bulk of the data is encrypted using a symmetric encryption. The communicating parties (client and server) negotiate a symmetric encryption algorithm to be used as well as a key to be used for that algorithm. This session key is a randomly generated one. It is exchanged securely between the parties through the use of public key cryptography.

  • The Linux kernel facilitates random number generation through two devices: /dev/random and /dev/urandom with different properties:

    • /dev/random "should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered" (random(4)).
    • /dev/urandom will not block, but the quality of its randomness may be lower (random(4)). On kernels from 5.6 onward, which includes RHEL 9, both devices return output from the same cryptographic generator once the pool has been initialized at boot, so the difference only matters before that point.
  • The kernel maintains an entropy pool for these devices. The entropy pool is fed by entropy sources of the system, typically coming from the keyboard, the mouse, and some other device drivers or IRQs. Entropy from the entropy pool is consumed in the generation of random data (i.e. through reads from /dev/random and /dev/urandom).

Diagnostic Steps

The read-only file /proc/sys/kernel/random/entropy_avail will tell you the available entropy. It is always changing on a running system because keyboard and mouse movement can increase entropy, and the kernel and other applications can consume entropy on the fly.

You can see the entropy value using the following command:

# cat /proc/sys/kernel/random/entropy_avail

Normally this value hovers just below /proc/sys/kernel/random/poolsize (RHEL 8 default: 4096; RHEL 9: 256, where entropy_avail stays at 256 once the pool has initialized). If the value instead sits near /proc/sys/kernel/random/read_wakeup_threshold (RHEL 8 default: 64), the system is starved for entropy and readers of /dev/random will block.
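The script below is an added example, not part of the original solution: it reads the three counters named above and classifies the reading the way the diagnostic step describes, and can poll them as the `watch` command in the Resolution does. The directory argument exists so the functions can be run against constructed files; the fallback of 64 when read_wakeup_threshold is absent is an assumption taken from the RHEL 8 default quoted above.

```sh
#!/bin/sh
# Added example (not the solution's own code): interpret
# /proc/sys/kernel/random counters and poll them.

# entropy_status avail poolsize threshold
#   starved - at or below read_wakeup_threshold: /dev/random readers block
#   low     - above the threshold but under half the pool
#   healthy - hovering near poolsize, the normal state
entropy_status() {
    avail=$1
    poolsize=$2
    threshold=$3
    if [ "$avail" -le "$threshold" ]; then
        echo starved
    elif [ "$avail" -lt $((poolsize / 2)) ]; then
        echo low
    else
        echo healthy
    fi
}

# random_sysctl name [dir]
# Read one counter; dir defaults to the live /proc/sys/kernel/random.
random_sysctl() {
    dir=${2:-/proc/sys/kernel/random}
    cat "$dir/$1"
}

# report [dir]
# One line with the current numbers and their classification.
report() {
    dir=${1:-/proc/sys/kernel/random}
    avail=$(random_sysctl entropy_avail "$dir")
    pool=$(random_sysctl poolsize "$dir")
    # read_wakeup_threshold may be absent; assume the RHEL 8 default of 64.
    thr=$(random_sysctl read_wakeup_threshold "$dir" 2>/dev/null || echo 64)
    printf 'entropy_avail=%s poolsize=%s read_wakeup_threshold=%s status=%s\n' \
        "$avail" "$pool" "$thr" "$(entropy_status "$avail" "$pool" "$thr")"
}

# poll_entropy seconds count [dir]
# Print `count` reports, one every `seconds`, like watch -n would.
poll_entropy() {
    i=0
    while [ "$i" -lt "$2" ]; do
        report "$3"
        i=$((i + 1))
        if [ "$i" -lt "$2" ]; then
            sleep "$1"
        fi
    done
}

# Demonstration on constructed counter files (same output on any host).
demo=$(mktemp -d)
echo 30   > "$demo/entropy_avail"
echo 4096 > "$demo/poolsize"
echo 64   > "$demo/read_wakeup_threshold"
report "$demo"        # constructed RHEL 8-style starved reading
echo 256 > "$demo/entropy_avail"
echo 256 > "$demo/poolsize"
report "$demo"        # constructed RHEL 9-style healthy reading
rm -rf "$demo"
# Live system:  report          or  poll_entropy 1 10
```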


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.