Mailing List Archive

Collecting entropy?
Hi,
Each time I run gen-key, after answering all the questions it spends a few
seconds putting dots and crosses on screen then says:
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 20 more bytes)

Then it seems to lock up. I've tried typing in that terminal, opening
another one and running find and top, accessing the web server running on
that machine, etc. But it still just sits there - no more dots or crosses.

top is telling me it has used 0:02 seconds of processor time and is
currently using 0% of the processor. I left it around 10 minutes and
nothing happened, so I killed it and tried again. Again up to 10 minutes so
far.

top is also telling me another user has a perl script running at nice level
1 which is using up all free processor cycles (around 90%) - so that should
be the work it needs shouldn't it?

Has it crashed? Could it be caused by a missing file (I did ./configure,
then make, but as I don't have root access, I installed by manually copying
the gpg binary and then copied options.skel and edited it).

Darren

P.S. BSD machine. I tried it on Linux last night (same manual
installation), and had a similar problem, but it woke up after about one
minute and finished making the key.
Re: Collecting entropy?
BSD machine:
in /etc/defaults/rc.conf, set rand_irqs="<some irq's that are actually
used>"

It defaults to keyboard controller, IIRC, which is not helpful on a
headless terminal.

I use the IRQ of my disk controller; then running a find / creates wonderful
entropy. =]

--
Marius Strom <marius@alpha1.net>
Professional Geek/Unix System Administrator
Alpha1 Internet <http://www.alpha1.net>
http://www.marius.org/marius.pgp 0x42C74CBA

In theory, there is no difference between theory and practice...
...In practice, there is a big difference.

On Fri, 31 Mar 2000, Darren Cook wrote:

> Hi,
> Each time I run gen-key, after answering all the questions it spends a few
> seconds putting dots and crosses on screen then says:
> Not enough random bytes available. Please do some other work to give
> the OS a chance to collect more entropy! (Need 20 more bytes)
>
> Then it seems to lock up. I've tried typing in that terminal, opening
> another one and running find and top, accessing the web server running on
> that machine, etc. But it still just sits there - no more dots or crosses.
>
> top is telling me it has used 0:02 seconds of processor time and is
> currently using 0% of the processor. I left it around 10 minutes and
> nothing happened, so I killed it and tried again. Again up to 10 minutes so
> far.
>
> top is also telling me another user has a perl script running at nice level
> 1 which is using up all free processor cycles (around 90%) - so that should
> be the work it needs shouldn't it?
>
> Has it crashed? Could it be caused by a missing file (I did ./configure,
> then make, but as I don't have root access, I installed by manually copying
> the gpg binary and then copied options.skel and edited it).
>
> Darren
>
> P.S. BSD machine. I tried it on Linux last night (same manual
> installation), and had a similar problem, but it woke up after about one
> minute and finished making the key.
>
Re: Collecting entropy?
Speaking of which: Has anyone got experience using some hardware based
entropy sources? I.e., I've heard of ISA/PCI cards which use
variations in wind currents/radio traffic/etc. to produce a plethora
of random data. This could be useful to a server which depends on
lots of random data (like a box which encrypts a lot of web pages,
provides VPN, etc.). Any Linux supported devices? Would anyone like
to help me design/make one to market and sell? =')


Phil

On Fri, Mar 31, 2000 at 02:06:19PM +0000, Darren Cook wrote:
> At 22:51 00/03/30 -0600, Marius Strom wrote:
> >BSD machine:
> >in /etc/defaults/rc.conf, set rand_irqs="<some irq's that are actually
> >used>"
> >
> >It defaults to keyboard controller, IIRC, which is not helpful on a
> >headless terminal.
> >
> >I use the IRQ of my disk controller, then run a find / creates wonderful
> >entropy. =]


--
Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR
phil@netroedge.com -- http://www.netroedge.com/~phil
PGP F16: 01 D2 FD 01 B5 46 F4 F0 3A 8B 9D 7E 14 7F FB 7A
Re: Collecting entropy?
That should be fine, but you should tell the ISP to change it -- random
number entropy is a "good thing"(tm) to have, and they don't have it
unless someone's there banging at their console.

--
Marius Strom <marius@alpha1.net>
Professional Geek/Unix System Administrator
Alpha1 Internet <http://www.alpha1.net>
http://www.marius.org/marius.pgp 0x42C74CBA

In theory, there is no difference between theory and practice...
...In practice, there is a big difference.

On Fri, 31 Mar 2000, Darren Cook wrote:

> At 22:51 00/03/30 -0600, Marius Strom wrote:
> >BSD machine:
> >in /etc/defaults/rc.conf, set rand_irqs="<some irq's that are actually
> >used>"
> >
> >It defaults to keyboard controller, IIRC, which is not helpful on a
> >headless terminal.
> >
> >I use the IRQ of my disk controller, then run a find / creates wonderful
> >entropy. =]
>
> Thanks (and to L. Sassaman).
>
> Looking at that file I see:
> rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
>
> Any suggestions what to do here (assuming the ISP is unwilling to change
> that file and reboot their server)? Is it reasonable to create the keys on
> my linux machine then upload them?
>
> Darren
>
Re: Collecting entropy?
At 22:51 00/03/30 -0600, Marius Strom wrote:
>BSD machine:
>in /etc/defaults/rc.conf, set rand_irqs="<some irq's that are actually
>used>"
>
>It defaults to keyboard controller, IIRC, which is not helpful on a
>headless terminal.
>
>I use the IRQ of my disk controller, then run a find / creates wonderful
>entropy. =]

Thanks (and to L. Sassaman).

Looking at that file I see:
rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).

Any suggestions what to do here (assuming the ISP is unwilling to change
that file and reboot their server)? Is it reasonable to create the keys on
my linux machine then upload them?

Darren
Re: Collecting entropy?
On Fri, Mar 31, 2000 at 02:06:19PM +0000, Darren Cook wrote:
> At 22:51 00/03/30 -0600, Marius Strom wrote:
> >BSD machine:
> >in /etc/defaults/rc.conf, set rand_irqs="<some irq's that are actually
> >used>"
> >
> >It defaults to keyboard controller, IIRC, which is not helpful on a
> >headless terminal.
> >
> >I use the IRQ of my disk controller, then run a find / creates wonderful
> >entropy. =]
>
> Thanks (and to L. Sassaman).
>
> Looking at that file I see:
> rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
>
> Any suggestions what to do here (assuming the ISP is unwilling to change
> that file and reboot their server)? Is it reasonable to create the keys on
> my linux machine then upload them?
>
> Darren

hmm, just my Euro 0.02:

On FreeBSD you don't have to reboot your machine to change the IRQs used.
Just do, as root:
rndcontrol -s 15
rndcontrol -s 14
to add the IDE/ATAPI IRQs if they are used. Replace with your SCSI card IRQ
if you have SCSI instead. I don't know if it's really secure to add a network
card IRQ there.

On OpenBSD, you simply can't add or remove entropy sources. At least it
didn't seem obvious to me while I was browsing man pages on
www.openbsd.org.
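
As an added example (not part of any post in this thread), the shell check below reads the effective rand_irqs value discussed above and, for each configured IRQ, prints the matching rndcontrol -s command from the last message. It assumes the usual FreeBSD layering in which /etc/rc.conf overrides /etc/defaults/rc.conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.

# effective_rand_irqs FILE...
# Later files override earlier ones, as /etc/rc.conf overrides
# /etc/defaults/rc.conf. Prints the last assigned value (may be empty).
effective_rand_irqs() {
    value=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -q '^[[:space:]]*rand_irqs=' "$f" || continue
        # Last uncommented assignment wins; drop quotes and trailing comment.
        value=$(sed -n \
            -e 's/^[[:space:]]*rand_irqs="\([^"]*\)".*$/\1/p' \
            -e 's/^[[:space:]]*rand_irqs=\([^"[:space:]#]*\).*$/\1/p' \
            "$f" | tail -n 1)
    done
    printf '%s\n' "$value"
}

# irq_entropy_report FILE...
# Returns 1 if no IRQ feeds the pool, 2 on a malformed value, 0 otherwise.
# On success prints one "rndcontrol -s N" line per IRQ (to be run as root).
irq_entropy_report() {
    irqs=$(effective_rand_irqs "$@")
    case "$irqs" in
        ""|[Nn][Oo])
            echo "rand_irqs=NO: no interrupts feed the entropy pool"
            return 1 ;;
    esac
    # Accept only digits and blanks before splitting the value into words.
    digits=$(printf '%s' "$irqs" | tr -d ' \t')
    case "$digits" in
        ""|*[!0-9]*) echo "invalid rand_irqs value: $irqs"; return 2 ;;
    esac
    for irq in $irqs; do
        echo "rndcontrol -s $irq"
    done
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'rand_irqs="NO"  # Stir the entropy pool (like "5 11" or NO).' \
    > "$tmp/defaults.conf"
printf '%s\n' '#rand_irqs="3"' 'rand_irqs="14 15"   # IDE channels' \
    > "$tmp/rc.conf"
irq_entropy_report "$tmp/defaults.conf" || true
irq_entropy_report "$tmp/defaults.conf" "$tmp/rc.conf"
rm -rf "$tmp"
```

On a real host the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf; reading them does not require root, only applying the printed commands does.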