I run kernel 5.10; with this kernel I always had a good level of entropy (about 3000), but since a system update some time ago the entropy level has become very low (256).
cat /proc/sys/kernel/random/entropy_avail
256
I know haveged, but it won’t run because it requires kernel 5.4 or lower; I also know rng-tools, but it doesn’t help (entropy remains low at 256):
So ATM I don’t have haveged nor rng-tools installed.
A simple test to see if everything is working as it should is to run (in another terminal) the following dd command:
$ dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock
Without rngd, the above command will take lots of time to run. With rngd working properly, the result should be almost instantaneous.
But despite the fact that I DON’T HAVE rngd, the test is nevertheless instantaneous:
dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock
1+0 records in
1+0 records out
1024 bytes (1,0 kB, 1,0 KiB) copied, 0,000152152 s, 6,7 MB/s
Maybe I have to check entropy in another path?
And why is the test instantaneous without rngd?
This happened because of changes in Linux 5.18 to the RNG’s crypto and backports to older LTS kernels. Basically the entropy_avail number is now meaningless. But I don’t have any real insight into how it’s working now.
Yeah, I’ve done the search and I just found that other people faced the same.
So, for you too, does cat /proc/sys/kernel/random/entropy_avail always give 256?
We trust a single 256 bit symmetric key to encrypt arbitrary amounts of data and be secure against targeted attacks. This means a good CSPRNG with 256 bits of entropy can generate a pretty much arbitrarily large stream of cryptographically secure random numbers without ‘running out’.
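
Since the replies above say entropy_avail no longer measures anything useful, here is an added example (not from any poster in this thread) of a check that does: it reads the two /proc counters and asks the kernel, with a non-blocking getrandom() call, whether the generator is seeded. It assumes the reworked RNG reports a poolsize of 256 and the older design a larger pool; the function names and the status labels are made up for this illustration.

```python
import os

PROC = "/proc/sys/kernel/random"

def read_int(name, base=PROC):
    """Return the integer stored in a /proc/sys/kernel/random file, or None."""
    try:
        with open(os.path.join(base, name)) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def interpret(poolsize, entropy_avail):
    """Classify the counters. The 256-bit pool size is the assumption named in the lead-in."""
    if poolsize is None or entropy_avail is None:
        return "unknown"
    if poolsize == 256:
        # Reworked RNG: the counter is capped at 256 and only tells you
        # whether seeding has finished, not how much output is "left".
        return "seeded" if entropy_avail >= 256 else "still-seeding"
    # Older design: a larger pool whose counter rose and fell with use.
    return "legacy-counter"

def crng_ready():
    """True if the kernel RNG is seeded, False if not, None if it cannot be asked."""
    if not hasattr(os, "getrandom"):
        return None  # not Linux, or Python older than 3.6
    try:
        # Without GRND_RANDOM, this call fails only while the RNG is unseeded.
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except OSError:
        return None  # e.g. the syscall is blocked by a sandbox

def report():
    """Collect the counters and the seeding state in one dictionary."""
    pool, avail = read_int("poolsize"), read_int("entropy_avail")
    return {"poolsize": pool, "entropy_avail": avail,
            "counter": interpret(pool, avail), "crng_ready": crng_ready()}

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On a machine like the one in the first post, a constant 256 together with `crng_ready: True` means the generator is seeded and reads will not block.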