Caveat: rich in entropy

We live in a weird era. Entropy has become a kind of commodity in and of itself.

In all this messing around with my new server… with trying out new things and tinkering with it all… well, of course I have to educate myself a bit about server security. It's a big, bad world out there, and if I'm going to be running a server that's publicly visible on the internet (offering up webpages, etc.) the little machine will be lonely and vulnerable, and I have to think about how to protect it from bots and blackhats.

In the field of network security, one thing that comes up is that you have to have some fundamental understanding of the types of cryptography used these days to secure systems. There's a whole infrastructure around generating "secure" public and private keys that computers hoard and exchange with one another to authenticate themselves. I really DON'T understand this, but I wade through the documentation as I e.g. try to set up a certificate authority on my server, because some of the things I'm running there apparently require it. I run the commands they tell me to, and hopefully my little server is sorta secure. But who knows.

I was fascinated to learn, however, about a thing that is used in crypto key generation on computers: system "entropy."

On one site I was looking at, there was a discussion about the fact that virtual machines (the sorts you rent from big companies to run cheap little servers, as I have done) have extremely low "available entropy" while your typical crummy desktop has very high "available entropy" – therefore when I generate my keys, I should do so on my desktop, not my server – I can upload the generated keys to my server later.

I think it's kind of a funny concept. The mass-produced, cookie-cutter, high quality, reliable servers found on the giant server farms are lacking in a certain commodity that they desperately need for their security: entropy. So the admins have to go out to their desktops to get the entropy they need. I sit here and I listen to my cruddy, 7 year old Jooyontech Korean PC-clone desktop, with its perpetually failing CPU fan groaning intermittently and the weird system noises filtering though the sound channel onto my speakers, and I can rest assured that that's all part and parcel of having lots and lots of good, tasty entropy that I can feed to my server in the form of so many sweet, generated security keys.

One site I was reading said that typical desktop entropy should be around 2000 (in whatever units entropy is measured with…).

Out of curiosity, I plugged in the Linux command that would tell me my system's entropy. I got 3770. Wow! I'm rich! … in entropy, anyway.

Meanwhile, my server, a virtual machine in some well-air-conditioned server farm facility across the Pacific in California, manages only 325 units of entropy. So sad. The chaos-poor, withered fruits of conformity.

[daily log: walking, 7km]

Back to Top