
Add haveged package
Closed, Resolved | Public | FEATURE REQUEST

Description

VyOS systems can consume a lot of entropy. The most prevalent case is in VPN scenarios, but Linux also uses entropy when assigning ephemeral ports, etc., which can have an impact on both performance and security. It shouldn't add any problems to include haveged, which is already packaged for Jessie.

  • If the target system contains a functioning TRNG, the default entropy floor for haveged (1024) will almost certainly never be reached, thus it will remain inactive and shouldn't affect the system adversely.
  • If there is not an onboard TRNG, however, haveged will feed good-quality entropy into the system pool whenever necessary.
  • In a situation where internal volatile hardware states aren't available (such as in VM/PV environments), haveged will simply fail gracefully, so there isn't much downside.

It's worth noting that I have been running haveged on systems lacking a TRNG since prior to VyOS 1.0 without any problems.

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close
cwadge created this task. Nov 13 2017, 10:03 PM
cwadge triaged this task as Wishlist priority. Nov 28 2017, 4:09 AM
cwadge added a project: VyOS 2.0.x.
cwadge changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).

trivial patch attached. I am running 1.2.0 "current" with this.

syncer assigned this task to hagbard.
syncer added subscribers: hagbard, syncer.

@hagbard can you merge this please

hagbard closed this task as Resolved. Oct 16 2018, 4:56 PM

verified availability.
VyOS 1.2.0-rolling+201810160337