Mailing List Archive

[fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)
----- Forwarded message from Oliver Bode <olibode@optushome.com.au> -----

Date: Mon, 7 Aug 2000 22:16:21 +1000
From: "Oliver Bode" <olibode@optushome.com.au>
To: <gnupg-users@gnupg.org>
Subject: --gen-key (Need 300 more bytes)
X-Diagnostic: HTML mails are spam

Hello,

Our ISP just installed gnupg for us on our server. However, I'm getting an
error that I would like to sort out

Each time I try to generate keys I get the following:

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 300 more bytes)

I don't seem to have any control over this and my telnet program hangs up.

In the documentation it says:

--gen-key Generate a new key pair. This command can only be used
interactive.

How can I become interactive? Is this the problem?

Thanks, Oliver



----- End forwarded message -----

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
Re: [fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)
Werner Koch <wk@gnupg.org> writes:

> From: "Oliver Bode" <olibode@optushome.com.au>
> Subject: --gen-key (Need 300 more bytes)
> To: <gnupg-users@gnupg.org>
> Date: Mon, 7 Aug 2000 22:16:21 +1000
>
> Hello,
>
> Our ISP just installed gnupg for us on our server. However, I'm getting an
> error that I would like to sort out
>
> Each time I try to generate keys I get the following:
>
> Not enough random bytes available. Please do some other work to give
> the OS a chance to collect more entropy! (Need 300 more bytes)
>
> I don't seem to have any control over this and my telnet program hangs up.
>
> In the documentation it says:
>
> --gen-key Generate a new key pair. This command can only be used
> interactive.
>
> How can I become interactive? Is this the problem?

Telnet is interactive. Telnet is not a good way to go however, especially
over a cable modem as it is trivial to sniff other traffic.
Wiretapped Australia reported a number of other security issues with
Optus@home.

Use ssh so when other users on your subnet hijack your session, they
will only get encrypted data and not your passwords.

Better still, generate the keys on a standalone Linux/*BSD box and
get your ISP to install them via floppy.

If you still think the risk is OK, run a find command against a large
filesystem in the background while you gen your keys on the server.

Hope this helps

Regards

--
=========================================================
Gambling: A discretionary tax on | Anthony David
those who were asleep during high | Systems Administrator
school mathematics classes |

Re: [fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)
You need to use rndcontrol to set an IRQ to help supply entropy for the
random number generator.

On most *nixish systems, type vmstat -i

This returns a list of irqs in use. Find an irq (Not clk or rtc) that's
got a decent rate number.

Then just type:
rndcontrol -s 11
(where irq 11 is getting, say a 35 in the rate column. Fill in the
irq of your choice, just not clk or rtc.) Once this has been
done, try generating a key again. It may take a while, depending on the
size of the key and the rate of entropy generated from the irq you're
using, but it will work (I think).
-J

===============================
John Goodleaf
goodleaf@goodleaf.net

PGP key: finger goodleaf@clyde.goodleaf.net
===============================

On Tue, 8 Aug 2000, Anthony David wrote:

> Werner Koch <wk@gnupg.org> writes:
>
> > From: "Oliver Bode" <olibode@optushome.com.au>
> > Subject: --gen-key (Need 300 more bytes)
> > To: <gnupg-users@gnupg.org>
> > Date: Mon, 7 Aug 2000 22:16:21 +1000
> >
> > Hello,
> >
> > Our ISP just installed gnupg for us on our server. However, I'm getting an
> > error that I would like to sort out
> >
> > Each time I try to generate keys I get the following:
> >
> > Not enough random bytes available. Please do some other work to give
> > the OS a chance to collect more entropy! (Need 300 more bytes)
> >
> > I don't seem to have any control over this and my telnet program hangs up.
> >
> > In the documentation it says:
> >
> > --gen-key Generate a new key pair. This command can only be used
> > interactive.
> >
> > How can I become interactive? Is this the problem?
>
> Telnet is interactive. Telnet is not a good way to go however, especially
> over a cable modem as it is trivial to sniff other traffic.
> Wiretapped Australia reported a number of other security issues with
> Optus@home.
>
> Use ssh so when other users on your subnet hijack your session, they
> will only get encrypted data and not your passwords.
>
> Better still, generate the keys on a standalone Linux/*BSD box and
> get your ISP to install them via floppy.
>
> If you still think the risk is OK, run a find command against a large
> filesystem in the background while you gen your keys on the server.
>
> Hope this helps
>
> Regards
>
> --
> =========================================================
> Gambling: A discretionary tax on | Anthony David
> those who were asleep during high | Systems Administrator
> school mathematics classes |
>

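The selection step J. Goodleaf describes, as an added example that is not part of the original posts: it picks the busiest non-timer IRQ from `vmstat -i` style text and prints the matching `rndcontrol -s` command without running it. The sample output and its `name irqN total rate` column layout are constructed assumptions, and `sample_vmstat`, `pick_irq` and `suggest` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: choose an entropy-source IRQ from `vmstat -i` style output.

# Constructed sample; the "name irqN  total  rate" layout is an assumption.
sample_vmstat() {
cat <<'EOF'
interrupt      total      rate
clk irq0     8052512       100
rtc irq8    10307215       128
fxp0 irq11   2818370        35
ata0 irq14    161044         2
Total       21339141       265
EOF
}

# pick_irq [min_rate]: read vmstat -i text on stdin and print the number of
# the IRQ with the highest rate, skipping the clk/rtc timer interrupts that
# the post says not to use (they fire at a fixed, predictable rate).
# Returns non-zero when no line carries a usable irqN field.
pick_irq() {
  awk -v min="${1:-1}" '
    $NF !~ /^[0-9]+$/ || $1 == "Total" { next }   # header, rules, summary
    $1 ~ /^(clk|clock|rtc)/            { next }   # timer interrupts
    {
      irq = ""
      for (i = 1; i <= NF; i++)
        if ($i ~ /^irq[0-9]+:?$/) { irq = $i; gsub(/[^0-9]/, "", irq) }
      rate = $NF + 0
      if (irq != "" && rate >= min && rate > best) { best = rate; pick = irq }
    }
    END { if (pick == "") exit 1; print pick }
  '
}

# suggest: print the command to run by hand; nothing is changed here.
suggest() {
  irq=$(pick_irq "$@") || { echo "no suitable IRQ found" >&2; return 1; }
  echo "rndcontrol -s $irq"
}

sample_vmstat | suggest
```

On a live system the input would come from `vmstat -i | suggest`; output without `irqN` fields makes `pick_irq` fail rather than guess.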
Re: [fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)
"J. Goodleaf" <goodleaf@goodleaf.net> writes:

> You need to use rndcontrol to set an IRQ to help supply entropy for the
> random number generator.

Thanks for the info.

Oliver mailed me back to say he found rndcontrol ref in the list
archives. I omitted that reference because he didn't state his OS.
In hindsight...

>
> On most *nixish systems, type vmstat -i

s/most/many/

vmstat -i
interrupt         total     rate
--------------------------------
clock         805251215      100
hmec0         819978864      101
fdc0               6603        0
--------------------------------
Total        1625236682      201

But then the above OS (Sol 2.6) needs to use egd...

>
> This returns a list of irqs in use. Find an irq (Not clk or rtc) that's
> got a decent rate number.
>
> Then just type:
> rndcontrol -s 11
> (where irq 11 is getting, say a 35 in the rate column. Fill in the
> irq of your choice, just not clk or rtc.) Once this has been
> done, try generating a key again. It may take a while, depending on the
> size of the key and the rate of entropy generated from the irq you're
> using, but it will work (I think).
> -J

--
=========================================================
Gambling: A discretionary tax on | Anthony David
those who were asleep during high | Systems Administrator
school mathematics classes |
