haveged
Generate system entropy
TLDR
Generate a random number
Run haveged in foreground
Set file path for output of haveged
Set run level for daemon
Set collection buffer size in kibibyte words
Insert a command to an already running haveged process or daemon
Set cache size in kibibyte words
Set number of bytes to write to the output file
SYNOPSIS
haveged [options]
PARAMETERS
-b <bytes>
Sets the buffer size for entropy collection. Default is typically 128KB.
-c <cycles>
Specifies the number of cycles to collect per bit. Default 0 enables auto-tuning.
-d <N>
Controls daemonization: 0 for foreground, 1 for background. Overridden by -F.
-F
Forces haveged to run in the foreground, useful for debugging.
-g <group>
Specifies the group name or GID under which haveged should run.
-i <bytes>
Sets the amount of entropy (in bytes) to initially fill /dev/random upon startup. Default is typically 1024 bytes.
-n <bytes>
Writes the specified number of bytes to the entropy pool and then exits.
-p <file>
Specifies the path for the PID file.
-r <device>
Sets the path to the entropy output device. Default is /dev/random.
-s <file>
Specifies a file to read/write a seed for startup/shutdown.
-u <user>
Specifies the user name or UID under which haveged should run.
-v <N>
Sets the verbosity level: 0=quiet, 1=errors, 2=info, 3=debug.
-w <N>
Sets the entropy watermark in bits. haveged tries to keep entropy above this level. Default is typically 1024 bits.
--version
Displays version information and exits.
--help
Displays a help message and exits.
DESCRIPTION
haveged is a user-space daemon that continuously feeds the Linux kernel's entropy pool, crucial for /dev/random and /dev/urandom. It is particularly valuable in environments where traditional hardware entropy sources are scarce, such as virtual machines, embedded systems, or new server installations. haveged generates high-quality random numbers by measuring microscopic, unpredictable variations in CPU instruction execution times (CPU jitter). This software-based method ensures a steady supply of entropy, preventing applications from blocking when requesting cryptographically secure random data from /dev/random and generally enhancing system security by providing sufficient randomness for cryptographic operations.
CAVEATS
While haveged provides a robust software-based entropy source, systems with dedicated hardware Random Number Generators (RNGs) might not strictly require it, or can use it as a supplement.
The quality of entropy from CPU jitter is widely accepted but relies on the unpredictability of timing, which differs from true physical noise sources.
Ensure proper user/group permissions if running haveged with custom settings to avoid security issues.
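One way to check the first caveat on a given host, as an added example that is not part of haveged or its documentation: the script looks for a hardware RNG bound in the kernel's hw_random framework and for RDRAND/RDSEED CPU flags, then compares entropy_avail with the kernel's write_wakeup_threshold. The function names and verdict strings are illustrative, and the optional root argument is an assumption that lets the checks run against a copied or constructed /proc and /sys tree.

```shell
#!/bin/sh
# Added example (not from the haveged project): does this host have an
# entropy source other than a user-space daemon such as haveged?
# Every function takes a root prefix; "" means the live system.

# Print a file's contents, or the fallback value if it is unreadable.
read_or() {  # read_or <path> <fallback>
    if [ -r "$1" ]; then cat "$1"; else printf '%s\n' "$2"; fi
}

# "yes" if the kernel hw_random framework has a device selected.
# rng_current reads "none" when no hardware RNG is bound.
has_hwrng() {  # has_hwrng <root>
    cur=$(read_or "$1/sys/class/misc/hw_random/rng_current" none)
    case "$cur" in ''|none) echo no ;; *) echo yes ;; esac
}

# "yes" if the CPU advertises RDRAND or RDSEED (x86 flag names; other
# architectures will report "no" here, which is an assumption of this check).
has_cpu_rng() {  # has_cpu_rng <root>
    if grep -Eqw 'rdrand|rdseed' "$1/proc/cpuinfo" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Classify the host into one of three illustrative verdicts.
entropy_verdict() {  # entropy_verdict [root]
    root=${1:-}
    avail=$(read_or "$root/proc/sys/kernel/random/entropy_avail" 0)
    wake=$(read_or "$root/proc/sys/kernel/random/write_wakeup_threshold" 0)
    if [ "$(has_hwrng "$root")" = yes ] || [ "$(has_cpu_rng "$root")" = yes ]; then
        echo hardware-source-present      # haveged is a supplement at most
    elif [ "$avail" -lt "$wake" ]; then
        echo low-entropy-no-hardware      # pool below the kernel's wakeup threshold
    else
        echo no-hardware-source           # pool is filled, but only by software sources
    fi
}

# Report on the live system, or on the tree given as the first argument.
entropy_verdict "${1:-}"
```

Run it with no argument on the host itself, or pass a directory holding a copy of the relevant /proc and /sys files collected from another machine.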
SYSTEMD INTEGRATION
On modern Linux distributions, haveged is typically managed as a systemd service. This ensures that it starts automatically at boot time, making entropy available early for critical system operations such as SSH key generation or SSL certificate creation.
ENTROPY FOR CRYPTOGRAPHY
Sufficient entropy is vital for strong cryptographic keys and operations. haveged helps ensure that applications requiring cryptographically secure random numbers (e.g., OpenSSL, SSH daemons) always have a non-blocking source of high-quality randomness.
HISTORY
haveged was developed by Stephen Early to address the common problem of entropy starvation, particularly in virtualized environments, containers, or embedded systems where traditional entropy sources (like disk I/O or user input) are scarce. Its development focused on providing a self-contained, software-only solution for generating high-quality random data by exploiting CPU timing jitter. It has become a crucial component in many Linux distributions to ensure sufficient entropy for cryptographic operations, preventing performance bottlenecks and enhancing system security.
SEE ALSO
rngd(8), random(4), urandom(4), getrandom(2)