haveged(8) SYSTEM ADMINISTRATION COMMANDS haveged(8)
NAME
haveged - Generate random numbers and feed Linux random device.
SYNOPSIS
haveged [options]
DESCRIPTION
The HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm
harvests the indirect effects of hardware events on hidden processor
state (caches, branch predictors, memory translation tables, etc.) to
generate a random sequence. The effects of interrupt service on
processor state are visible from userland as timing variations in
program execution speed. Using a branch-rich calculation that fills the
processor instruction and data cache, a high resolution timer source
such as the processor time stamp counter can generate a random sequence
even on an "idle" system.
In Linux, the hardware events that are the ultimate source of any
random number sequence are pooled by the /dev/random device for later
distribution via the device interface. The standard mechanism of
harvesting randomness for the pool may not be sufficient to meet demand,
especially on those systems with high needs or limited user interaction.
Haveged provides a daemon to fill /dev/random whenever the supply of
random bits in /dev/random falls below the low water mark of the
device.
Haveged also provides a direct file system interface to the collection
mechanism that is also useful in other circumstances where access to
the /dev/random interface is either not available or inappropriate.
In either case, haveged uses HAVEGE to maintain a 1M pool of random
bytes consumed by the interface. The principal inputs to haveged are
the sizes of the processor instruction and data caches used to set up
the HAVEGE collector. The haveged default is a 4KB data cache and a
16KB instruction cache. On machines with a cpuid instruction, haveged
will attempt to select appropriate values from internal tables.
Although CISC architectures appear insensitive to tuning parameters,
there is no guarantee that manual tuning of the algorithm will not be
required under some circumstances. The output of the HAVEGE random
number generator should be verified on any installation before haveged
is put into production.
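A coarse first check for the verification step above, as an added example that is not part of the haveged manual or distribution. It confirms that a sample file has the requested size and that its byte histogram is not grossly non-uniform; the function names and the CHI2_MAX default of 400 are choices made for this example, and passing this check does not replace a full statistical test suite.

```shell
#!/bin/sh
# Added example: coarse sanity check of a haveged sample file.
# Typical use (assumes haveged is installed):
#   haveged -n 1m -f /tmp/sample && check_sample /tmp/sample 1048576

# byte_chi2 FILE
# Prints the chi-square statistic of the byte-value histogram.
# With 255 degrees of freedom, uniform bytes give a value near 255
# (standard deviation about 22.6).
byte_chi2() {
    od -An -v -tu1 "$1" | awk '
        { for (i = 1; i <= NF; i++) { count[$i]++; n++ } }
        END {
            if (n == 0) { print "inf"; exit }
            e = n / 256                      # expected count per byte value
            for (b = 0; b < 256; b++) {
                d = count[b] - e
                chi += d * d / e
            }
            printf "%.2f\n", chi
        }'
}

# check_sample FILE EXPECTED_BYTES
# Returns 0 only if the file has exactly EXPECTED_BYTES bytes and its
# chi-square statistic is at most CHI2_MAX (default 400, more than six
# standard deviations above the mean for uniform data).
check_sample() {
    file=$1 want=$2
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -ne "$want" ]; then
        echo "FAIL: $file has $size bytes, expected $want" >&2
        return 1
    fi
    chi=$(byte_chi2 "$file")
    if awk -v c="$chi" -v max="${CHI2_MAX:-400}" 'BEGIN { exit !(c <= max) }'
    then
        echo "OK: $size bytes, chi-square $chi"
    else
        echo "FAIL: chi-square $chi exceeds ${CHI2_MAX:-400}" >&2
        return 1
    fi
}
```

This only catches gross faults such as constant or heavily biased output; structured but evenly distributed data still passes.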
OPTIONS
-d nnn, --data=nnn
Set data cache size to nnn KB. Default is 16 or as determined by
cpuid.
-f file, --file=file
Set output file path for non-daemon use. Default is "sample",
use '-' for stdout.
-i nnn, --inst=nnn
Set instruction cache size to nnn KB. Default is 16 or as
determined by cpuid.
-n nnn, --number=nnn
Set number of bytes written to the output file. The value may be
specified using one of the suffixes k, m, g, or t. The upper
bound of this value is "16t" (2^44 Bytes = 16TB). A value of 0
indicates unbounded output and forces output to stdout.
-r n, --run=n
Set run level for daemon interface:
n = 0 Run as daemon - must be root. Fills /dev/random when the
supply of random bits falls below the low water mark of the
device. This argument is required if the daemon interface is
not present. If the daemon interface is present, this takes
precedence over any -r value.
n = 1 Display configuration info and terminate.
n > 1 Write <n> kb of output. Deprecated (use -n instead), only
provided for backward compatibility.
-v n, --verbose=n
Set output level 0=minimal, 1=config/fill items, use -1 for all
diagnostics.
-w nnn, --write=nnn
Set write_wakeup_threshold of daemon interface to nnn bits.
Applies only to run level 0.
-?, --help
This summary of program options.
DIAGNOSTICS
The following diagnostics may be issued to stderr upon termination:
Cannot fork into the background
Call to daemon(3) failed.
Cannot open file <s> for writing.
Could not open sample file <s> for writing.
Cannot write data in file:
Could not write data to the sample file.
Couldn't get poolsize.
Unable to read /proc/sys/kernel/random/poolsize
Couldn't initialize HAVEGE rng
Invalid data or instruction cache size.
Couldn't open random device
Could not open /dev/random for read-write.
Couldn't query entropy-level from kernel: error
Call to ioctl(2) failed.
Couldn't open PID file <path> for writing
Error writing /var/run/haveged.pid
Fail:set_watermark()
Unable to write to /proc/sys/kernel/random/write_wakeup_threshold
RNDADDENTROPY failed!
Call to ioctl(2) to add entropy failed
Select error
Call to select(2) failed.
EXAMPLES
Write 1.5MB of random data to the file /tmp/random
haveged -n 1.5M -f /tmp/random
Generate a /tmp/keyfile for disk encryption with LUKS
haveged -n 2048 -f /tmp/keyfile
Overwrite partition /dev/sda1 with random data. Be careful, all data on
the partition will be lost!
haveged -n 0 | dd of=/dev/sda1
Generate random ASCII passwords 16 characters long
(haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
Write an endless stream of random bytes to the pipe. The pv utility
measures the rate at which data are written to the pipe.
haveged -n 0 | pv > /dev/null
Measure how fast haveged generates 1GB of random data
haveged -n 1g -f - | dd of=/dev/null
Create a random key file containing 65 random keys for the encryption
program aespipe.
haveged -n 3705 -f - 2>/dev/null | uuencode -m - | head -n 66 | tail -n 65
Test the randomness of the generated data with the dieharder test suite
haveged -n 0 | dieharder -g 200 -a
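A hardened variant of the LUKS keyfile example above, added here and not part of the haveged manual. A file written directly into /tmp gets the caller's default umask and a predictable name in a world-writable directory; the hypothetical write_keyfile helper below reads the key from stdin (haveged's "-f -" output), creates it owner-only, checks the byte count and refuses to replace an existing path. The destination /root/luks.key is a placeholder, and the destination directory is assumed to be writable only by its owner.

```shell
#!/bin/sh
# Added example: store key material from stdin with owner-only permissions.
# Typical use (assumes haveged is installed; the path is a placeholder):
#   haveged -n 2048 -f - 2>/dev/null | write_keyfile /root/luks.key 2048

# write_keyfile DEST BYTES
# Returns 0 only if exactly BYTES bytes were read and DEST was created.
write_keyfile() {
    dest=$1 want=$2
    # Never replace an existing file or follow a pre-planted symlink.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077                       # owner-only from the moment of creation
    tmp=$(mktemp "$(dirname "$dest")/.keyfile.XXXXXX") || {
        umask "$old_umask"
        return 1
    }
    cat > "$tmp"                    # key bytes arrive on stdin
    umask "$old_umask"
    got=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$got" -ne "$want" ]; then
        # A short read means the generator failed; keep no partial key.
        rm -f "$tmp"
        echo "short read: $got of $want bytes" >&2
        return 1
    fi
    mv "$tmp" "$dest"               # rename within the same directory
}
```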
SEE ALSO
cryptsetup(8), aespipe(1), pv(1), openssl(1), uuencode(1)
AUTHOR
Gary Wuertz <gary@issiweb.com> and Jirka Hladky
SEE ALSO
http://www.issihosts/haveged/
version 1.3 October 23, 2011 haveged(8)