> On 18 Feb 2019, at 21:50, Didier Kryn <kryn@???> wrote:
>
>> Le 17/02/2019 à 17:29, Mike Tubby a écrit :
>> If you install 'haveged' package /dev/random and /dev/urandom should (a) be better quality and (b) programs that need chunks of random data such as SSL on start-up should come up more quickly, i.e. not block waiting
>
>
> Looks kije a great suggestion. I'd never heared of it.
>
> Shouldn't this package be recommended, or at least suggested, by things like openssl and openssh ?
The quality of entropy from haveged is not guaranteed.
https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines
https://lwn.net/Articles/525459/
Maybe rng tools might be a better option if you are low on entropy? I don’t claim to be an expert on security or crypto though.
https://wiki.archlinux.org/index.php/Rng-tools
—Tom