PingDirectory

Resolve entropy exhaustion

To help diagnose the problem, the installer attempts to monitor available system entropy when setting up the server in FIPS 140-2-compliant mode and displays a warning message if entropy drops too low. Similarly, if the server is running in FIPS-compliant mode, it continuously monitors available system entropy and logs a warning message and raises an alarm if entropy drops low enough that the server is likely to become unresponsive.

If entropy exhaustion is a problem, the best options to address it include:

  • If the server is running in a virtual machine or container, you might be able to configure it with access to the underlying host system’s entropy pool if that’s not already the case.

  • Install a hardware random number generator on the system and ensure that the server can access it even when running in a container or virtual machine.

  • Install an entropy-supplementing daemon, such as rngd, to keep the OS-provided random number generator topped off and able to generate high-quality random data without blocking.