VPS Entropy

Entropy (i.e. the source of random numbers) is generated by watching such things as mouse and keyboard use and hardware interrupts. On a VPS some of these sources are unavailable, so here is the process for using the Bitfolk entropy service.

  1. Install the package we need:
    sudo aptitude install ekeyd-egd-linux
  2. Poke a hole in the firewall:
    sudo iptables --append OUTPUT -p tcp --dport 8888 -d 212.13.194.102 -j ACCEPT
  3. Edit the configuration file:
    sudo nano -w /etc/default/ekeyd-egd-linux
    1. START_EKEYD_EGD_LINUX=YES
    2. HOST=212.13.194.102
    3. PORT=8888
    4. WATERMARK=2048
    5. BLOCKS=2
    6. RETRYTIME=10
  4. Start the service:
    sudo /etc/init.d/ekeyd-egd-linux start
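
To confirm the steps above took effect, the following added example (not part of the original page) parses the defaults file and compares the kernel's entropy estimate with `WATERMARK`. The function names are hypothetical; it assumes `WATERMARK` is a level in bits and that the kernel exposes its estimate at `/proc/sys/kernel/random/entropy_avail`.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Paths are parameters so the checks can be tried on constructed files.

# Print the value of KEY from a KEY=value defaults file (last assignment wins).
# The file is parsed, not sourced, so nothing in it is executed.
egd_setting() {  # usage: egd_setting FILE KEY
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed only if the daemon is enabled and points at the expected server.
egd_config_ok() {  # usage: egd_config_ok FILE HOST PORT
    [ "$(egd_setting "$1" START_EKEYD_EGD_LINUX)" = "YES" ] &&
    [ "$(egd_setting "$1" HOST)" = "$2" ] &&
    [ "$(egd_setting "$1" PORT)" = "$3" ]
}

# Compare the kernel's entropy estimate with the configured WATERMARK.
# Returns 0 at or above it, 1 below it, 2 if either value is missing or not numeric.
entropy_status() {  # usage: entropy_status FILE [ENTROPY_FILE]
    conf=$1
    avail_file=${2:-/proc/sys/kernel/random/entropy_avail}
    mark=$(egd_setting "$conf" WATERMARK)
    avail=$(cat "$avail_file" 2>/dev/null)
    case "$mark" in ''|*[!0-9]*) echo "WATERMARK not set in $conf"; return 2;; esac
    case "$avail" in ''|*[!0-9]*) echo "cannot read $avail_file"; return 2;; esac
    if [ "$avail" -ge "$mark" ]; then
        echo "ok: $avail bits available (watermark $mark)"
    else
        echo "low: $avail bits available (watermark $mark)"; return 1
    fi
}

# Run against the live system only when the real defaults file is present.
CONF=/etc/default/ekeyd-egd-linux
if [ -r "$CONF" ]; then
    egd_config_ok "$CONF" 212.13.194.102 8888 || echo "config differs from the steps above"
    entropy_status "$CONF" || true
fi
```

Running it a few times before and after starting the service shows whether the pool stays above the watermark.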

Since doing this I've noticed that I'm getting fewer SSL connections timing out or taking a while to get started, presumably because there's a much larger amount of entropy available - a factor of 10 to 20 times more.

Further Reading:

  1. http://strugglers.net/~andy/blog/2010/06/06/adventures-in-entropy-part-1/
  2. http://strugglers.net/~andy/blog/2010/06/07/adventures-in-entropy-part-2/
