LinuxCommandLibrary

haveged

Generate system entropy

TLDR

Generate a random number

$ sudo haveged
copy

Run haveged in foreground
$ sudo haveged [[-F|--Foreground]]
copy

Set file path for output of haveged
$ sudo haveged [[-f|--file]] [path/to/file]
copy

Set run level for daemon
$ sudo haveged [[-r|--run]] [runlevel]
copy

Set collection buffer size in kibibyte words
$ sudo haveged [[-b|--buffer]] [buffersizeinKW]
copy

Insert a command to an already running haveged process or daemon
$ sudo haveged [[-c|--command]] [command]
copy

Set cache size in kibibyte words
$ sudo haveged [[-d|--data]] [cachesizeinKW]
copy

Set number of bytes to write to the output file
$ sudo haveged [[-n|--number]] [byteamount]
copy

SYNOPSIS

haveged [options]

PARAMETERS

-h, -?, --help
    Display help message and exit

-v, --verbose[=level]
    Set verbosity (0=quiet, 1=info (default), 2=verbose, 3=debug)

-w, --wlevel=bytes
    Wake-up threshold for writing to /dev/random (default 1024)

-d, --debug
    Foreground mode with max debug logging (-v 3 -f implied)

-f, --foreground
    Run in foreground, do not daemonize

-p, --pidfile=filename
    Write PID to specified file

-g, --generator=name
    Select generator: havege, hemu, havege128, rdrand (default: havege)

DESCRIPTION

haveged is a lightweight userspace daemon that generates pseudo-random data using the HAVEGE algorithm and feeds it into the Linux kernel's entropy pool. It addresses low-entropy issues on systems like VMs, headless servers, or embedded devices where hardware RNGs are scarce.

The daemon monitors the available entropy via /proc/sys/kernel/random/entropy_avail. When levels drop below a configurable threshold (default 1024 bits), haveged writes high-quality random bytes to /dev/random, ensuring smooth cryptographic operations without blocking.

HAVEGE exploits processor cache timing variations for entropy, producing gigabytes of data per second without special hardware. It's daemonized by default but supports foreground mode for debugging. Widely used in distributions like Arch Linux and Gentoo for boot-time entropy boosting.

While effective, haveged provides pseudo-entropy; it's best paired with hardware sources for optimal security.

CAVEATS

Generates pseudo-random data, not true hardware entropy. Use alongside hwrng if available. May slightly impact CPU on low-end systems.

TYPICAL USAGE

systemctl enable --now haveged or haveged -w 2048 -v 1 &
Check entropy: cat /proc/sys/kernel/random/entropy_avail

FILES

Reads/writes /dev/random; monitors /proc/sys/kernel/random/entropy_avail; optional PID in /run/haveged.pid

HISTORY

Developed by Bill Cox starting 2008; initial release 2011. Incorporated HAVEGE from Philippe Biondi. Adopted in Gentoo (2012), Arch Linux; active maintenance for modern CPUs.

SEE ALSO

rngd(8), egd(8)

Copied to clipboard