SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The latest slackware[64]-current installs new rc.atd and rc.haveged files in /etc/rc.d which start the atd and haveged daemons respectively. These are installed as executable by default.
haveged is new. atd is not, although I am not conscious of having run the atd daemon before (possibly it ran without me noticing). I have no user packages installed which use them, so I was wondering if anyone knows whether there is anything supplied by slackware[64]-current itself which would make it desirable to start these daemons at boot-up?
no, it provides better entropy than /dev/random i believe
The man page says that when the runlevel is 0 (the default), haveged "fills /dev/random when the supply of random bits falls below the low water mark of the device". The general advice seems to be to run it unless you have a hardware random generator available, so I will start it on boot up.
I don't think I will start atd. Nothing seems to use it and I certainly don't.
I don't think I will start atd. Nothing seems to use it and I certainly don't.
Even when the at daemon is started at boot, the daemon does nothing unless there is user interaction.
I use the at daemon a lot. Great for one-off tasks.
Quote:
haveged is generating a secure PRG (Pseudo Random Generator) to remedy the low-entropy generated by the kernel.
I do not see this approach used in other distros. Why this is needed in Slackware? I use haveged on my Slackware systems that use an SSD. I do not use haveged on other distros. This is not a flame war question. This is a technical question. Please stick to the technical discussion and do not throw mud and poop.
I do not see this approach used in other distros. Why this is needed in Slackware? I use haveged on my Slackware systems that use an SSD. I do not use haveged on other distros. This is not a flame war question. This is a technical question. Please stick to the technical discussion and do not throw mud and poop.
It's pretty easy to starve the kernel's /dev/urandom unless something like haveged is running. One example that was mentioned here before is a long delay at boot when sendmail starts.
One example that was mentioned here before is a long delay at boot when sendmail starts.
Yes, I am aware of that discussion. I am curious only about why we have to use the daemon and other distros do not. I presume the technical answer has something to do with how other distros manage entropy. Or perhaps the way the kernel is compiled. I don't know and am asking. Just technically curious -- Slackware remains my foundation on my home LAN despite whatever else I am required to support at work.
Other distros start sendmail in the background or in parallel to the rest of the boot sequence. Presumably, something that generates entropy will start to happen and allow sendmail to start. (Or other distros don't use sendmail at all; hard to say.)
Last edited by Richard Cranium; 06-14-2018 at 02:13 PM.
Reason: Expanded point a little.
That is the likely explanation. Postfix is used across most distros.
Hanging at boot may be the most important reason to have haveged installed, as not everybody runs entropy eating services lateron.
Postfix,apache,pidgin,firefox etc. need entropy, more than it used to be a few years ago as everything uses https/tls nowerdays.
Missing entropy causes delays/timeouts on secure connections and probably more problems, and i believe there's no drawback having haveged, it only feeds extra entropy if entropy runs low.
In short, haveged prevents problems ;-)
This discussion has gotten me seriously thinking about security, and how I might improve it on my own system. The addition of haveged is good, as it will increase entropy enough for the casual user. However, as a 30+ year user of computers, and having been made aware of security issues from reading about it on the web and several courses I took as a computer science major has made me hyper-aware of the issues facing computer users today. Therefore, I have opted for a hardware route, and came upon this little gem.
Personally, I like having an external hardware random number generator, and it is natively supported by the Linux kernel. Can't be too careful these days, and the cost is certainly reasonable.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
