--- Log opened Sat Oct 05 00:00:42 2013
17:13 < HM3> wow a bitcoin full-node daemon written in Go
19:07 < warren> anyone familiar with entropy sources available to the linux kernel? I'm configuring the new bitcointalk.org server and need to feed more entropy into the VM...
19:07 < K1773R> warren: HD IO increases it, otherwise you have to use a TRNG as seed
19:07 < jgarzik> warren, you're running rngd?
19:08 < warren> jgarzik: 16 core xeon server seems to lack intel hardware rng ...
19:08 < warren> not sure what kind of hardware this is
19:08 < warren> Starting rngd: can't open entropy source(tpm or intel/amd rng)
19:08 < warren> Maybe RNG device modules are not loaded
19:08 < warren> [FAILED]
19:08 < jgarzik> warren, TPM RNG works too
19:08 < jgarzik> warren, also, check for unused video or audio hardware (audio-entropyd, ...)
19:08 < jgarzik> bbiab
19:09 < warren> hm
19:09 < warren> jgarzik: virtio-rng.ko is only for inside guests right?
19:17 < warren> no TPM, no hw rng, no audio or video input available
19:17 < jgarzik> warren, correct, virtio-rng only for guests
19:17 < jgarzik> warren, can you PM (or just show) a pastebin of lspci?
19:18 < warren> http://pastebin.com/5XQhL36B
19:20 < K1773R> warren: http://www.vanheusden.com/te/
19:20 < jgarzik> warren, is video connected to anything, like a KVM?
19:21 < K1773R> warren: ^ always works
19:21 < warren> jgarzik: right now yes, but it will be removed I think
19:23 < warren> jgarzik: is the video usable as rng with or without something plugged in?
19:24 < jgarzik> warren, probably
19:24 < warren> jgarzik: it has KVM and it will remain forever
19:25 < jgarzik> warren, might have a second port unused, etc.
19:26 < gmaxwell> warren: http://www.issihosts.com/haveged/
19:26 * jgarzik reconsiders
19:26 < jgarzik> all this is pointless. Spend BTC on bitcoinstore.com and buy an entropy device ;p
19:27 < jgarzik> tell people to plug it in
19:27 < gmaxwell> the entropy keys are not available anymore.
19:27 < gmaxwell> :(
19:27 < gmaxwell> (they'll take your order but have no idea when they'll ship them)
19:28 < warren> http://www.vanheusden.com/ved/ hmm?
19:31 < warren> oh, video4linux =(
19:31 * warren tries haveged and te
19:31 < gmaxwell> haveged works very well, and the high and low watermark keep it doing the right thing... of course perhaps its randomness is garbage.
19:32 < warren> it works well, just it might not be good? =)
19:32 < gmaxwell> The software behaves well: runs as much as it needs to, keeps the kernel filled to at least the low watermark, etc.
19:32 < gmaxwell> but I provide no certification on the quality of its randomness. :P
19:36 < K1773R> warren: did you check http://www.vanheusden.com/te/ ?
19:36 < K1773R> gmaxwell: are we talking about simtec's product?
19:38 < warren> K1773R: I did, but haveged was available as a package and it got gmaxwell's non-endorsement, so ... easy
19:39 < gmaxwell> K1773R: http://www.vanheusden.com/te/ is yuck compared to haveged just due to entropy pool management.
19:39 < K1773R> gmaxwell: ACK
19:39 < K1773R> didn't know about haveged
19:39 * warren trying to figure out virtio-rng ...
19:40 < gmaxwell> haveged addresses the fact that the kernel's pool is too darn small... it pregenerates like 1mbyte of randomness, and then will track how full the pool is and feed in at a measured pace.
19:41 < gmaxwell> Everything else just dumps a bunch on the pool at once and thus doesn't get credited... which matters if you care about keeping /dev/random from blocking.
19:42 < K1773R> wow haveged is awesome :)
19:42 < warren> aside from not "perhaps its randomness is garbage" part
19:42 < gmaxwell> yea, just don't read the code. (I contemplated integrating it into bitcoind and managed to not choke on the resulting vomit)
19:45 < gmaxwell> warren: well, it passes tests at least...
19:46 < K1773R> i ordered some of these http://www.entropykey.co.uk/ almost a year ago, didn't get mine yet :(
19:46 < gmaxwell> K1773R: yea. :(
19:47 < warren> heh, bitcoin uses a screenshot? amusing.
19:50 < gmaxwell> yea, in windows.
19:53 < K1773R> gmaxwell: can you recommend http://www.vanheusden.com/ved/ ?
19:55 < warren> K1773R: I'm amused that the thing he recommended had praise of "managed to not choke on the resulting vomit".
19:56 < gmaxwell> K1773R: I looked at it before and concluded its entropy estimation was bunk. Running it couldn't be harmful however. (likewise with their audio one)
19:56 < gmaxwell> warren: there are lots of ways software can be good/bad.
19:56 < gmaxwell> Go look at the haveged source code, it's an engineering disaster of crazy C macro abuse. But its handling of the kernel is excellent.
19:57 < gmaxwell> But I wouldn't recommend it as the only entropy source for a high security application because I'm unconvinced that their cache timing stuff is actually all that random... and not just deterministic based on some really complicated cpu-internal state.
19:58 < gmaxwell> but I use it on my hosts that have randomness supply issues.
19:58 < gmaxwell> it's good just for its management of the too small kernel pool.
19:58 < gmaxwell> (changing the kernel pool size requires patching and recompiling, ... kinda cruddy if you want to stay with a distro kernel)
19:59 < K1773R> yea, should be a kernel option...
19:59 < warren> wget http://reddit.com/r/somewhere and pipe to rngd. Random garbage source.
19:59 < gmaxwell> it was a proc settable thing until there was some bug related to it
20:00 < K1773R> warren: lol
20:00 < gmaxwell> warren: yea, totally secure against someone with no access to reddit. :P
20:00 < gmaxwell> might as well "echo "my scheme is to run a cron that curl http://reddit.com/r/somewhere into /dev/random" > /dev/random" :P
20:13 < warren> jgarzik: https://fedoraproject.org/wiki/Features/Virtio_RNG
20:14 < warren> jgarzik: dang, sounds like RHEL6's libvirt doesn't actually know how to launch qemu with the virtio-rng-pci thing
20:25 < midnightmagic> so awesome: https://www.usenix.org/conference/woot13/page-fault-weird-machine-lessons-instruction-less-computation
20:32 < warren> jgarzik: my mistake, I see RHEL6 updated its libvirt!
23:38 < sipa> haveged ftw
--- Log closed Sun Oct 06 00:00:44 2013