OVH Arch Linux VPS image is annoying.
They installed and enabled dhcpcd but also have the systemd-networkd DHCP client enabled too. They race with each other and sometimes end up causing a 2 minute delay at boot.
It also has the obsolete haveged service installed + enabled too.
Conversation
Replying to
Modern Linux kernel has a proper CSPRNG and has dropped all of the cargo cult entropy exhaustion nonsense. /dev/random and getrandom(...) only block until the CSPRNG is initialized in early boot and never again. Rather than blocking indefinitely, the kernel also now fixes it.
1
2
If reading from /dev/random or calling getrandom(...) would block due to the CSPRNG not being initialized yet, the kernel starts generating jitter entropy until the CSPRNG is initialized. Using haveged is only adding extra complexity with no real benefits.
2
3
This thread I posted a few weeks ago has the kernel versions where these things were fixed:
twitter.com/DanielMicay/st
Linux 5.4 added proactively generating entropy and Linux 5.6 removed their cargo cult blocking pool. It's all ChaCha20 CSPRNGs without any nonsense now.
Quote Tweet
Linux 5.6 removed the cargo cult blocking CSPRNG.
/dev/random now works the same way as getrandom. It only blocks until CSPRNG is initialized after booting.
GRND_RANDOM flag for getrandom doesn't do anything anymore.
/dev/urandom still doesn't wait for CSPRNG initialization.
Show this thread
1
1
So, on Linux 5.6 and later, everything should just use either getrandom(...) or /dev/random (getrandom avoids depending on opening a file, which is nice) and there's no point of stuff like haveged anymore.
github.com/jirka-h/havege actually states that now itself.
