让linux缓冲/ dev / random [英] Getting linux to buffer /dev/random
问题描述
我需要为正在编写的应用程序合理提供高质量的随机数据。 Linux为此提供了/ dev / random文件,这是理想的选择。但是,由于我的服务器是单一服务的虚拟机,因此它的熵源非常有限,这意味着/ dev / random很快就会用尽。
I need a reasonable supply of high-quality random data for an application I'm writing. Linux provides the /dev/random file for this purpose which is ideal; however, because my server is a single-service virtual machine, it has very limited sources of entropy, meaning /dev/random quickly becomes exhausted.
我注意到如果我从/ dev / random中读取,则在设备等待更多信息熵之前,我只会得到16个左右的随机字节:
I've noticed that if I read from /dev/random, I will only get 16 or so random bytes before the device blocks while it waits for more entropy:
[duke@poopz ~]# hexdump /dev/random
0000000 f4d3 8e1e 447a e0e3 d937 a595 1df9 d6c5
<process blocks...>
如果我终止此过程,请走一个小时然后重复执行该命令,再次只输入16个左右产生随机数据字节。
If I terminate this process, go away for an hour and repeat the command, again only 16 or so bytes of random data are produced.
但是-如果我让命令运行相同的时间,则随机性会增加很多收集数据。我据此假设,在给定的时间段内,系统会产生大量的熵,但是Linux仅在您实际从/ dev / random中读取时才利用它,而如果不是,则将其丢弃。如果是这种情况,我的问题是:
However - if instead I leave the command running for the same amount of time, much, much more random data are collected. I assume from this that over the course of a given timeperiod, the system produces plenty of entropy, but Linux only utilises it if you are actually reading from /dev/random, and discards it if you are not. If this is the case, my question is:
是否可以将Linux配置为缓冲/ dev / random,以便从中读取会产生更大的脉冲串。高质量的随机数据?
作为程序的一部分,对我来说缓冲/ dev / random并不难,但是我觉得可以在系统级别会更优雅。我还想知道让Linux在内存中缓冲其随机数据是否会带来安全隐患。
It wouldn't be difficult for me to buffer /dev/random as part of my program but I feel doing this at a system level would be more elegant. I also wonder if having Linux buffer its random data in memory would have security implications.
推荐答案
听起来像您需要一个熵守护进程,它可以从其他来源获取熵池。
Sounds like you need an entropy deamon that feeds the entropy pool from other sources.
这篇关于让linux缓冲/ dev / random的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
