
Add haveged package
Closed, Resolved | Public | FEATURE REQUEST

Description

VyOS systems can consume a lot of entropy. The most prevalent case is in VPN scenarios, but Linux also uses entropy when assigning ephemeral ports, etc., which can have an impact on both performance and security. It shouldn't add any problems to include haveged, which is already packaged for Jessie.

  • If the target system contains a functioning TRNG, the default entropy floor for haveged (1024) will almost certainly never be reached, thus it will remain inactive and shouldn't affect the system adversely.
  • If there is not an onboard TRNG, however, haveged will feed good-quality entropy into the system pool whenever necessary.
  • In a situation where internal volatile hardware states aren't available (such as in VM/PV environments), haveged will simply fail gracefully, so there isn't much downside.

It's worth noting that I have been running haveged on systems lacking a TRNG since prior to VyOS 1.0 without any problems.

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close
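
An added example, not part of the original task or of the VyOS code base: a shell check that compares the kernel's entropy estimate with the 1024 floor quoted in the description and reports the active hardware RNG driver, if any. The function name, its optional root-directory arguments and the output format are assumptions of this example; the two files it reads are the standard Linux procfs and sysfs entries.

```shell
#!/bin/sh
# Added example: report whether the kernel's entropy estimate sits below
# the default haveged floor (1024) quoted in the task description.
HAVEGED_FLOOR=1024

# entropy_report [PROC_ROOT] [SYS_ROOT]
# The root arguments are an assumption of this example so the check can be
# pointed at fixture directories; they default to the live system.
# Exit status: 0 = at or above floor, 1 = below floor, 2 = cannot tell.
entropy_report() {
    proc_root=${1:-/proc}
    sys_root=${2:-/sys}
    avail_file="$proc_root/sys/kernel/random/entropy_avail"
    rng_file="$sys_root/class/misc/hw_random/rng_current"

    # Without a readable estimate nothing can be concluded.
    if [ ! -r "$avail_file" ]; then
        echo "status=unknown reason=no-entropy_avail"
        return 2
    fi
    avail=$(cat "$avail_file")
    case $avail in
        ''|*[!0-9]*) echo "status=unknown reason=bad-value"; return 2 ;;
    esac

    # rng_current names the hardware RNG driver the kernel has selected;
    # "none", an empty file or a missing file means no hardware source.
    hwrng=none
    if [ -r "$rng_file" ]; then
        hwrng=$(cat "$rng_file")
        [ -n "$hwrng" ] || hwrng=none
    fi

    if [ "$avail" -lt "$HAVEGED_FLOOR" ]; then
        echo "status=below-floor avail=$avail floor=$HAVEGED_FLOOR hwrng=$hwrng"
        return 1
    fi
    echo "status=above-floor avail=$avail floor=$HAVEGED_FLOOR hwrng=$hwrng"
    return 0
}
```

Call `entropy_report` with no arguments on the router itself; an exit status of 1 is the condition under which, per the description, haveged would start feeding the pool.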

Event Timeline

cwadge triaged this task as Wishlist priority. (Nov 28 2017, 4:09 AM)
cwadge added a project: VyOS 2.0.x.
cwadge changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).

trivial patch attached. I am running 1.2.0 "current" with this.

syncer removed a project: VyOS 2.0.x.
syncer added subscribers: hagbard, syncer.

@hagbard can you merge this please

verified availability.
VyOS 1.2.0-rolling+201810160337