# haveged = excellent



## tonyg (May 29, 2014)

Thanks to wlanboy for bringing up haveged and this post: 

Here is my story.

I run rsyslog as a central logging server that gets log data from two client VPSs via an SSL/TLS connection.
To enhance entropy I was using rngd with the following in the config file:

```
HRNGDEVICE=/dev/urandom
```

Everything worked fine except these occasional errors showing up in the logs:

```
GnuTLS error: Error in the push function.
rngd[2819]: block failed FIPS test 0x04
```

The first error was occurring right after log rotation on the central logging server. The actual error was reported by the rsyslog clients.
The failed FIPS test was random and coming from both the rsyslog server and clients.

Long story short, since switching to haveged both of the above errors have been eliminated.


----------
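The `0x04` in the rngd message above is a bitmask naming which FIPS 140-2 statistical test a 20,000-bit block failed. The sketch below is an added example, not part of the original post or of rng-tools: it decodes the mask and implements the runs test so you can measure how often blocks from a given source fail it. The flag values are recalled from rng-tools' `fips.h` and the MSB-first bit order is an assumption.

```python
# Added example: FIPS 140-2 runs test over one 20,000-bit block.
import os

# Failure bits as recalled from rng-tools' fips.h (assumption, verify against your version).
FIPS_FLAGS = {0x01: "monobit", 0x02: "poker", 0x04: "runs",
              0x08: "long run", 0x10: "continuous run"}

# FIPS 140-2 required intervals for runs of length 1..5 and 6+ (key 6), per bit value.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

BLOCK_BYTES = 2500  # 20,000 bits


def decode_fips_result(mask):
    """Names of the tests whose failure bit is set in an rngd result mask."""
    return [name for bit, name in sorted(FIPS_FLAGS.items()) if mask & bit]


def count_runs(block):
    """Return {bit value: {run length (6 means 6+): count}} for a 2500-byte block."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("FIPS 140-2 tests operate on exactly 2500 bytes")
    bits = "".join(f"{b:08b}" for b in block)  # MSB-first (assumption)
    counts = {"0": dict.fromkeys(RUN_LIMITS, 0), "1": dict.fromkeys(RUN_LIMITS, 0)}
    start = 0
    for i in range(1, len(bits) + 1):
        # A run ends at the end of the block or where the bit value changes.
        if i == len(bits) or bits[i] != bits[start]:
            counts[bits[start]][min(i - start, 6)] += 1
            start = i
    return counts


def runs_test(block):
    """True if every run count, for both bit values, is inside its interval."""
    counts = count_runs(block)
    return all(lo <= counts[v][n] <= hi
               for v in "01" for n, (lo, hi) in RUN_LIMITS.items())


if __name__ == "__main__":
    print("0x04 ->", decode_fips_result(0x04))
    blocks = 200
    failures = sum(not runs_test(os.urandom(BLOCK_BYTES)) for _ in range(blocks))
    print(f"{failures} of {blocks} os.urandom blocks failed the runs test")
```

Because these are statistical tests with fixed acceptance intervals, a sound source will still fail a block now and then; a sustained failure rate is the signal worth investigating.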



## Magiobiwan (May 29, 2014)

haveged is definitely a lifesaver. Newer servers have rdrand on the CPUs (anything with an E3-xxxx v3 or newer IIRC), which also helps. OpenVZ environments are messy sometimes, and if the host node doesn't have a sufficient entropy pool, it can really bog everything down. OpenVZ HNs are also a great place for haveged to collect entropy though, as the heavily multithreaded environment creates plenty of entropy for haveged.


----------



## Amitz (May 29, 2014)

Yeah! I still (platonically) love wlanboy for the hint!


----------



## texteditor (May 29, 2014)

Amitz said:


> Yeah! I still (platonically) love wlanboy for the hint!


same except not platonically


----------



## HalfEatenPie (May 29, 2014)

texteditor said:


> same except not platonically


Get in line.


----------



## Schultz (Jun 4, 2014)

Excellent review OP.


----------

