Entropy Value is stuck at 256

Hi,

I am trying to set up Passbolt on Ubuntu 22.04 LTS.
During the step of checking the entropy I noticed that it is stuck at 256.
I tried to install rng-tools and haveged to increase it but it is still at the value of 256.
I am running Ubuntu 22.04.1 LTS / 5.15.0-48-generic on a VM.
I have read that in a recent update the entropy value was capped at 256 but I can’t figure out if this in any way would hinder Passbolt from working properly.

I would be glad if anyone could help me out.

Hi @DM_123,

Are you using Ubuntu Desktop or Ubuntu Server?

It’s not a bug or an issue; this has been picked up by thousands of Unix users. Everyone running kernel v5.15.0-47 and up would have the entropy hardcoded at 256.

I am not too sure how Passbolt would react to low entropy, as I always aim for 3000+, preferably 4096.

There was a large commit done for 5.15.X, you can find it here kernel/git/stable/linux.git - Linux kernel stable tree

If you would like to change the hard-coded value, it is located in drivers/char/random.c.

Jump to line 551 and you will see it is set to 8, which would be 256.
8*32 = 256

enum {
	POOL_BITS = BLAKE2S_HASH_SIZE * 8,
	POOL_READY_BITS = POOL_BITS, /* When crng_init->CRNG_READY */
	POOL_EARLY_BITS = POOL_READY_BITS / 2 /* When crng_init->CRNG_EARLY */
};

If you would like to have, let's say, 4096, you would need to change the hardcoded value from 8 to 128.
128*32 = 4096

https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/log/drivers/char/random.c

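A small check to go with the explanation above; this is added example code, not something from the thread or from Passbolt. It derives the 256 from BLAKE2S_HASH_SIZE * 8 as in the kernel enum, interprets the poolsize/entropy_avail pair accordingly, and asks the kernel directly whether its CRNG is initialised via a non-blocking getrandom(), which is what GnuPG key generation actually waits on. The "legacy"/"ready-capped"/"not-ready" labels and the 256/256 fallback sample are assumptions of this example.

```python
import os
from typing import Optional

BLAKE2S_HASH_SIZE = 32              # bytes, as in the kernel's crypto/blake2s.h
POOL_BITS = BLAKE2S_HASH_SIZE * 8   # 256: the ceiling the thread sees in entropy_avail
RANDOM_SYSCTL = "/proc/sys/kernel/random"


def classify(poolsize: int, entropy_avail: int) -> str:
    """Interpret the two sysctl values the way the rewritten kernel means them.

    "ready-capped": new CRNG (Ubuntu 5.15.0-47+), pool is a 256-bit hash
                    state, the counter is a fixed ceiling and the CRNG is seeded.
    "not-ready":    new CRNG but fewer than POOL_BITS bits collected so far;
                    getrandom() would still block, the only condition that matters.
    "legacy":       old input-pool accounting (poolsize 4096); the number is a
                    live estimate that really can drain.
    """
    if poolsize == POOL_BITS:
        return "ready-capped" if entropy_avail >= POOL_BITS else "not-ready"
    return "legacy"


def read_sysctl(name: str) -> Optional[int]:
    """Read one integer from /proc/sys/kernel/random; None when not available."""
    try:
        with open(os.path.join(RANDOM_SYSCTL, name)) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def crng_ready() -> Optional[bool]:
    """Non-blocking getrandom() fails with EAGAIN until the CRNG is initialised,
    whatever entropy_avail prints. None when the platform has no getrandom()."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


if __name__ == "__main__":
    poolsize, avail = read_sysctl("poolsize"), read_sysctl("entropy_avail")
    if poolsize is None or avail is None:
        poolsize, avail = 256, 256   # constructed sample matching the original post
    print(f"poolsize={poolsize} entropy_avail={avail} -> {classify(poolsize, avail)}")
    print(f"getrandom() ready: {crng_ready()}")
```

On a kernel with the new CRNG, a "ready-capped" result plus `getrandom() ready: True` means there is nothing to raise; the 256 is a constant, not a shortage.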

Entropy matters a lot, here is another reference particular to passbolt. Passbolt Help | Why should I install haveged on virtual environments?

Hi

I am using Ubuntu Server.
Thanks for your detailed clarification.

Related kernel commit explanation for reference: [PATCH 5.15 038/145] random: use computational hash for entropy extraction - Greg Kroah-Hartman

@remy maybe use of haveged needs to be revisited in docs.

As I am reading through the patch comments, it appears that the structuring of the random number generation has changed and running out of entropy (or a security concern of an attacker zeroing it out) is no longer a risk?

Thanks guys for the information, very good to know, and yes, the entropy help page should be updated.

Could you perhaps try Debian 11, as I have actively installed and used it without any entropy issues?

That is exactly what I was thinking. I am not sure why this move was initiated and why it was thought to be a “good idea”.

The commit needs to be revisited and fixed.

Maybe I’m reading it wrong, but it seems better to me if the RNG process is started with a controllable encryption algorithm rather than vulnerable noise sourcing which can be compromised, leading to no randomness. In this way entropy is always secure and cannot be exhausted.
