April 13, 2017 - Cedric Bail

Improve System Entropy to Speed Up Secure Internet Connections

After my previous blog post, you should now be using SSH and Tor all the more often, but things are probably slow when you are trying to set up a secure connection with this method. This may well be due to your computer lacking a proper source of entropy to create secure cryptographic keys. You can check the entropy of your system with the following command.

This will return a number. Hopefully it’s above 3,000, because that’s what is likely needed to keep up with your needs. So what do you do if it’s not high enough? This article will cover two tips to improve your computer’s entropy. All examples in this guide are for Linux distributions that use systemd.

rngd

rngd is a tool designed to feed the system with more entropy from various sources. It is part of the rng-tools package. After installing it, the rngd service needs to be started and enabled; the following command will do so:

tpm

The Trusted Platform Module (TPM) has a hardware random generator that can also be used to improve system entropy. If your system has a TPM, it will be available for rng to use. Most modern computers come with a TPM these days; you can check whether yours has one by running the following command:

If this returns a result, you can enable rng to use the TPM by doing the following:

For a more permanent solution, do the following:

Once this is done, find the location of the configuration file by doing the following:

With this information, you can now modify /etc/conf.d/rngd with the following information:

Restart rngd.service and check the entropy on your system again. This should make setting up cryptographic keys slightly faster.
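The two checks this article relies on, the kernel's entropy estimate and whether a TPM or other hardware RNG is present, can be scripted as below. This is an added example, not the author's original commands; it assumes the standard Linux interfaces /proc/sys/kernel/random/entropy_avail, /dev/tpm0 and /sys/class/misc/hw_random/rng_available, and ENTROPY_ROOT is a hypothetical prefix variable used only to point the checks at a test tree.

```shell
#!/bin/sh
# Added example: entropy and hardware-RNG check for a Linux host.
# Each function takes a root prefix (hypothetical parameter); pass an empty
# string to inspect the live system.

# Print the kernel's available-entropy estimate, or "unknown" if unreadable.
entropy_avail() {
    f="$1/proc/sys/kernel/random/entropy_avail"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Classify the estimate against a threshold (the article suggests 3000).
entropy_status() {
    val=$(entropy_avail "$1")
    case "$val" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$val" -ge "$2" ]; then echo ok; else echo low; fi ;;
    esac
}

# List hardware sources rngd could draw from: a TPM device node and
# whatever the kernel hw_random framework reports as available.
hw_sources() {
    out=""
    [ -e "$1/dev/tpm0" ] && out="tpm"
    avail="$1/sys/class/misc/hw_random/rng_available"
    if [ -r "$avail" ]; then
        for name in $(cat "$avail"); do out="${out:+$out }$name"; done
    fi
    echo "${out:-none}"
}

# Summarise both checks in two lines.
entropy_report() {
    echo "entropy_avail: $(entropy_avail "$1") ($(entropy_status "$1" 3000))"
    echo "hardware sources: $(hw_sources "$1")"
}

entropy_report "${ENTROPY_ROOT:-}"
```

Recent kernels use a 256-bit entropy pool, so entropy_avail tops out at 256 there and the 3000 threshold is only meaningful on older kernels.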
