Man Linux: Main Page and Category List


       haveged - Feed kernel random device


       haveged [options]


       The  hardware  events that are the ultimate source of any random number
       sequence are pooled by the /dev/random device  for  later  distribution
       via  the  device  interface.  The  standard  mechanism  for  harvesting
       randomness  for  the  pool  may  not  be  sufficient  to  meet  demand,
       especially   on   those   systems  with  high  needs  or  limited  user

       The  HAVEGE  (HArdware  Volatile  Entropy  Gathering   and   Expansion)
       algorithum   harvests  the  indirect  effects  of  hardware  events  on
       processor state (caches, branch predictors, memory translation  tables,
       etc)  rather  than  attempting  to  extract  randomness from individual
       events. The effects of interrupt service on processor state are visible
       from  userland  as  timing variations in program execution speed. Using
       code designed to  mostly  fill  the  instruction  cache,  a  data  area
       occupying  a  large  portion of the processors data cache, and with the
       processor time stamp counter as the  data  input,  it  is  possible  to
       construct  a  calculation that will reliably generate a random sequence
       even on an "idle" system.

       Haveged is a daemon that uses HAVEGE to maintain a 1M  pool  of  random
       bytes  used  to  fill /dev/random whenever the supply of random bits in
       dev/random falls below the low water mark of the device. The  principle
       inputs  to  havaged are the sizes of the processor instruction and data
       caches used to setup the HAVEGE collector.  The haveged  default  is  a
       4kb  data  cache and a 16kb instruction cache. On machines with a cpuid
       instruction, haveged will attempt to  select  appropriate  values  from
       internal tables.

       Although  CISC  architectures  appear insensitive to tuning parameters,
       there is no guarantee that manual tuning of daemon may not be  required
       under  some  circumstances.   The  output  of  the HAVEGE random number
       generator should be verified on every installation before the daemon is
       put into production.


       -d nnn, --data=nnn
              Set data cache size to nnn KB. Default is 16 or as determined by

       -f file, --file=file
              Set sample output file path - default is "sample"

       -i nnn, --inst=nnn
              Set instruction cache size to  nnn  KB.  Default  is  16  or  as
              determined by cpuid.

       -r n, --run=n
              Set run level 0=daemon,1=config info,>1=Write <r>KB sample file

       -v n, --verbose=n
              Set output level 0=minimal,1=config/fill items

       -w nnn, --write=nnn
              Set write_wakeup_threshold to nnn bits

       -?, --help
              This summary of program options.


       The following diagnostics may be issued to stderr upon termination:

       Cannot fork into the background
              Call to daemon(3) failed.

       Cannot open file <s> for writing.
              Could not open sample file <s> for writing.

       Cannot write data in file:
              Could not write data to the sample file.

       Couldn’t get poolsize.
              Unable to read /proc/sys/kernel/random/poolsize

       Couldn’t initialize HAVEGE rng
              Invalid data or instruction cache size.

       Couldn’t open random device
              Could not open /dev/random for read-write.

       Couldn’t query entropy-level from kernel: error
              Call to ioctl(2) failed.

       Couldn’t open PID file <path> for writing
              Error writing /var/run/

              Unable                 to                write                to

       RNDADDENTROPY failed!
              Call to ioctl(2) to add entropy failed

       Select error
              Call to select(2) failed.


       Gary Wuertz <>