I have a server running on Intel CoreT i3-4330TE Processor. OS is Centos 6.7. We are working on FIPS compliance for our product and wanted to use only /dev/random in our application code. But there is not enough entropy in the system.
cat /proc/sys/kernel/random/entropy_avail : shows between 100 to 200.
I have verified that RDRAND instruction is supported :
1. rdrand is found in the flags in /proc/cupinfo (please refer attachment)
2. Ran cpuid and verified that the bit 30 in ECX register is 1. (please refer attachment)
Installed rng-tools. But rngd -v does not list DRNG. Even I attempted running cat /dev/random | rngtest -c 1000
The test just hangs.
I would like to know why DRNG is not listed when I run rngd -v and why entropy is so less on the system even though RDRAND instruction is supported.
Would appreciate any pointers to address the issue.
Have already gone through : https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
- Intel® Advanced Vector Extensions (Intel® AVX)
- Intel® Streaming SIMD Extensions
- Parallel Computing
Passing along a comment from an internal (linux) developer:
Centos 6 is too old. RDRAND support was added with kernel 3.5.
They can write a simple user program that does rdrand/seed and feeds it into /dev/random using the RNDADDENTROPY ioctl similar to http://halobates.de/pub/ak/smallsrc/rndfeed.c