Random generator
Introduction
- This how-to describes the method for optimizing RNG on OpenWrt.
- It may help to minimize system startup time on low performance devices.
Goals
- Minimize startup time for cryptography-dependent services.
- Avoid potential deadlock states and race conditions.
Command-line instructions
Provide fast RNG with rng-tools.
# Install packages opkg update opkg install rng-tools # Configure RNG uci set system.@rngd[0].enabled="1" uci commit system service rngd restart
Testing
Test the entropy pool size.
sysctl kernel.random.entropy_avail
Use rngtest to check the randomness of data.
RNG_DEV="$(uci get system.@rngd[0].device)" rngtest -c 1000 < ${RNG_DEV}
Troubleshooting
Collect and analyze the following information.
# Restart services service log restart; service rngd restart # Log and status logread -e rngd; pgrep -f -a rngd # Persistent configuration uci show system
Extras
Software RNG
Use software RNG by default.
# Use software RNG uci set system.@rngd[0].device="/dev/urandom" uci commit system service rngd restart
Hardware RNG
Use hardware RNG if available.
# Use hardware RNG uci set system.@rngd[0].device="/dev/hwrng" uci commit system service urngd disable && service urngd stop service rngd restart