table of contents
other versions
- wheezy 1.4-4
- wheezy-backports 1.9.1-1~bpo70+1
- jessie 1.9.1-1
- testing 1.9.1-5
- unstable 1.9.1-5
haveged(8) | SYSTEM ADMINISTRATION COMMANDS | haveged(8) |
NAME¶
haveged - Generate random numbers and feed linux random device.SYNOPSIS¶
haveged [options]DESCRIPTION¶
The HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithum harvests the indirect effects of hardware events on hidden processor state (caches, branch predictors, memory translation tables, etc) to generate a random sequence. The effects of interrupt service on processor state are visible from userland as timing variations in program execution speed. Using a branch-rich calculation that fills the processor instruction and data cache, a high resolution timer source such as the processor time stamp counter can generate a random sequence even on an "idle" system.OPTIONS¶
- -b nnn, --buffer=nnn
- Set collection buffer size to nnn KB. Default is 128.
- -d nnn, --data=nnn
- Set data cache size to nnn KB. Default is 16 or as determined by cpuid.
- -f file, --file=file
- Set output file path for non-daemon use. Default is "sample", use '-' for stdout.
- -i nnn, --inst=nnn
- Set instruction cache size to nnn KB. Default is 16 or as determined by cpuid.
- -n nnn, --number=nnn
- Set number of bytes written to the outputfile. The value may be specified using one of the suffixes k, m, g, or t. The upper bound of this value is "16t" (2^44 Bytes = 16TB). A value of 0 indicates unbounded output and forces output to stdout.
- -r n, --run=n
- Set run level for daemon interface:
n = 0 Run as daemon - must be root. Fills /dev/random when the supply of random
bits
falls below the low water mark of the device. This argument is required if the
daemon interface is not present. If the daemon interface is present, this takes
precedence over any -r value. n = 1 Display configuration info and terminate. n > 1 Write <n> kb of output. Deprecated (use -n instead), only provided for backward compatibility.
falls below the low water mark of the device. This argument is required if the
daemon interface is not present. If the daemon interface is present, this takes
precedence over any -r value. n = 1 Display configuration info and terminate. n > 1 Write <n> kb of output. Deprecated (use -n instead), only provided for backward compatibility.
- -v n, --verbose=n
- Set output level 0=minimal, 1=config/fill items, use -1 for all diagnostics.
- -w nnn, --write=nnn
- Set write_wakeup_threshold of daemon interface to nnn bits. Applies only to run level 0.
- -?, --help
- This summary of program options.
DIAGNOSTICS¶
The following diagnostics may be issued to stderr upon termination:Call to daemon(3) failed.
Cannot open file <s> for writing.
Could not open sample file <s> for
writing.
Cannot write data in file:
Could not write data to the sample file.
Couldn't get poolsize.
Unable to read
/proc/sys/kernel/random/poolsize
Couldn't initialize HAVEGE rng
Invalid data or instruction cache size.
Couldn't open random device
Could not open /dev/random for read-write.
Couldn't query entropy-level from kernel: error
Call to ioctl(2) failed.
Couldn't open PID file <path> for writing
Error writing /var/run/haveged.pid
Fail:set_watermark()
Unable to write to
/proc/sys/kernel/random/write_wakeup_threshold
RNDADDENTROPY failed!
Call to ioctl(2) to add entropy failed
Select error
Call to select(2) failed.
EXAMPLES¶
- Write 1.5MB of random data to the file /tmp/random
- haveged -n 1.5M -f /tmp/random
- Generate a /tmp/keyfile for disk encryption with LUKS
- haveged -n 2048 -f /tmp/keyfile
- Overwrite partition /dev/sda1 with random data. Be careful, all data on the partition will be lost!
- haveged -n 0 | dd of=/dev/sda1
- Generate random ASCII passwords of the length 16 characters
- (haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
- Write endless stream of random bytes to the pipe. Utility pv measures the speed by which data are written to the pipe.
- haveged -n 0 | pv > /dev/null
- Evaluate speed of haveged to generate 1GB of random data
- haveged -n 1g -f - | dd of=/dev/null
- Create a random key file containing 65 random keys for the encryption program aespipe.
- haveged -n 3705 -f - 2>/dev/null | uuencode -m - | head -n 66 | tail -n 65
- Test the randomness of the generated data with dieharder test suite
- haveged -n 0 | dieharder -g 200 -a
SEE ALSO¶
AUTHOR¶
Gary Wuertz <gary@issiweb.com> and Jirka HladkySEE ALSO¶
http://www.issihosts/haveged/October 23, 2011 | version 1.3 |