What's new
By:

Jitterentropy-Rngd high CPU use

M

michaels2408

Occasional Visitor
Recently updated my RT-AC88U to 386.2.4 . Since, I have seen very high CPU usage from the jitterentropy-rngd daemon, somtimes as high as 80% getting close to maxing out both cores. On a positive note this is not consistent. It waxes and wanes with usage increases when WAN throughput is higher. Is this normal?

1620289360616.png
 
You’re also running haveged which is probably trying to do the same thing. Maybe a conflict?
 
Hmm. I have this too but i cannot locate how to easily remove it.

This is a new install and it will have got in with amtm and i have installed:

DIversion
Skynet
scribe
unbound Manager
uiDivStats
uiScribe

Any suggestions on how to isolate and resolve the issue cleanly? Im new to asuswrt but familar with linux etc.
 
Haveged usually installs with DNScrypt which you do not have listed. If it is installed then the easiest way is to go to ssh into the router and navigate to /tmp/opt/etc/init.d . Look for S**haveged startup script, remove and reboot. If you want to save the script just move it to another directory.
 
Ok nice now i know where init.d is i feel better :)

i just made it non executable "chmod -x S02haveged"
 
I recommend you notify script developers that they should ensure they do not install haveged when another entropy generating daemon is present.
 
In dnscrypt installer, Haveged is optional to install. Can be uninstalled from dnscrypt installer menu also.
It is not the entware version of haveged that is used by dnscrypt installer, Think this version was compiled especially for asuswrt-merlin.
I have dnscrypt installer's haveged installed and have not noticed any issues so far, been keeping a eye on it since this tread came.
 
Last edited:
Zastoff said:
In dnscrypt installer, Haveged is optional to install. Can be uninstalled from dnscrypt installer menu also.
It is not the entware version of haveged that is used by dnscrypt installer, Think this version was compiled especially for asuswrt-merlin.
I have dnscrypt installer's haveged installed and have not noticed any issues so far, been keeping a eye on it since this tread came.
Click to expand...
Just wonder if 2 entropy generators running, will it be better or just generating unnecessary cpu load?
 
DonnyJohnny said:
Just wonder if 2 entropy generators running, will it be better or just generating unnecessary cpu load?
Click to expand...
The use of more then one RNG will make the entropy in the pool more unpredictable.
I am no expert on the RNG`s but found this command to check the pool:
Code: 
cat /proc/sys/kernel/random/entropy_avail
With dnscypt installer`s Haveged(and entware version), The pool can never get below 1024bit i think, maximum should be 4096bit
I still haven`t seen any cpu spikes here with using both. Ofc if it seems to be a issue, Haveged should be removed.
When available, other sources of randomness are used to stir the entropy pool and make it less predictable.
Click to expand...
Code: 
PID  PPID    USER    STAT VSZ   VSZ%    CPU  CPU% ↓  COMMAND
911     1    izzt    S    7548    0.8    0    0.0    /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1
1094    1    izzt    S    2004    0.2    0    0.0    /usr/sbin/jitterentropy-rngd -p /var/run/jitterentropy-rngd.pid
Some extra info:
blog.cloudflare.com

Ensuring Randomness with Linux's Random Number Generator

When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted.
blog.cloudflare.com blog.cloudflare.com
 
Last edited:
Zastoff said:
I am no expert on the RNG`s but found this command to check the pool:
Code: 
cat /proc/sys/kernel/random/entropy_avail
With dnscypt installer`s Haveged(and entware version), The pool can never get below 1024bit i think, maximum should be 4096bit
I still haven`t seen any cpu spikes here with using both. Ofc if it seems to be a issue, Haveged should be removed.

Code: 
PID  PPID    USER    STAT VSZ   VSZ%    CPU  CPU% ↓  COMMAND
911     1    izzt    S    7548    0.8    0    0.0    /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1
1094    1    izzt    S    2004    0.2    0    0.0    /usr/sbin/jitterentropy-rngd -p /var/run/jitterentropy-rngd.pid
Some extra info:
blog.cloudflare.com

Ensuring Randomness with Linux's Random Number Generator

When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted.
blog.cloudflare.com blog.cloudflare.com
Click to expand...
Did a test with jitterentropy alone (no haveged installed), also 1024-1033.

If u have both installed and still 1024 mean no effect but waste memory and cpu resources?
 
DonnyJohnny said:
Did a test with jitterentropy alone (no haveged installed), also 1024-1033.

If u have both installed and still 1024 mean no effect but waste memory and cpu resources?
Click to expand...
Just updated my previous post to better answer your question.
The use of more then one RNG will make the entropy in the pool more unpredictable.
Click to expand...
Maybe it is overkill in using more then one..
I am still using it to test if i get any conflicts or increased cpu use from it.
 
Last edited:
dave14305 said:
Unbound Manager installs it too.
Click to expand...
Any idea whether removing it breaks Unbound Manager ?
Enjoying stability of 386.2_4 and lack the expertise to know the answer ... and sure don't want to break anything ;)!
 
kernol said:
Any idea whether removing it breaks Unbound Manager ?
Enjoying stability of 386.2_4 and lack the expertise to know the answer ... and sure don't want to break anything ;)!
Click to expand...
I don’t know that there was ever a good reason to install it with Unbound, but there were a lot of conflicting ideas back in those days. :)
 
Zastoff said:
Just updated my previous post to better answer your question.

Maybe it is overkill in using more then one..
I am still using it to test if i get any conflicts or increased cpu use from it.
Click to expand...
from what I can tell there seems to be no interaction between haveged and jitterentropy-rngd, specifically logs should be examined around the time these cpu spikes occur. I think the spikes may be related to something else.
 
You must log in or register to reply here.

Similar threads

G
Will upgrading my router result in meaningfully better handling of high thread networking?
Replies
16
Views
2K
drinkingbird
drinkingbird
W
CPU high usage AC1900U/AC68U. VLAN related?
Replies
6
Views
2K
webbie
W
dev_null
  • Locked
[Beta] VNSTAT on Merlin; CLI, UI and email data use monitoring (install script offline for now)
5 6 7
Replies
121
Views
22K
dev_null
dev_null
J
RT-AC88U wifi traffic throttle problem
Replies
4
Views
2K
jtara
J
E
ASUS RT-N66U, high CPU usage - is everything working alright?
Replies
12
Views
22K
oshunluvr
oshunluvr
Similar threads
Thread starter Title Forum Replies Date
nagyimre1980 High CPU load when enabling Traffic Analyzer - Statistic on GT-AXE16000 Asuswrt-Merlin 4
U aaews process high cpu load Asuswrt-Merlin 1
S High RAM usage seemingly causing WiFi to not function Asuswrt-Merlin 22
B High CPU usage = broadcast storm? Asuswrt-Merlin 6
P RT-AC88U high cpu usage when copy to USB Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,159 (members: 13, guests: 2,146)
Back
Top