Bret Hughes wrote:

> In tracking down a problem building freeswan I got this
> response from a guy on the ipsec list.  This is on the new
> kernel this list was so kind in helping me get going.  It
> was built from the 2.2.16-3 SRPM and is running on a compaq
> 3000 with dual 333MHz PIIs.
>
> I never knew I had to be worried about enough randomness.
> What the heck is going on?  cat /dev/random spits out a
> bunch of garbage that sure looks random to me.   I am in WAY
> over my head here.  Any ideas?
>
> Here is the response I got.  If there is not enough context
> let me know and I can post my original message.
>
>   On Sun, 8 Oct 2000, Bret Hughes wrote:
> > Is there something I did wrong? ...
>
> Doesn't look like it...
>
> >  5128 pts/1    S      0:00  |
> > |       \_ ./ranbits 256
>
> This is the interesting one -- ranbits is sitting there doing nothing.
> *That* means that for some reason, your system has very little randomness
> available in /dev/random.  Ranbits is hung, waiting for some to show up
> so it can use it to generate a key.
>
> The quick workaround is to go to another window, and do some things that
> produce randomness -- type on the keyboard, move the mouse, cause some
> disk activity.
>
> A more fundamental question is *why* there's no randomness on that
> machine.  That's an unusual problem, one we have no great insight into...
> but it should be tracked down and fixed, because at least a little bit of
> system randomness is important to later operation as well as the initial
> key generation.

A little more info-

/dev/random only uses keyboard and mouse interrupts as inputs
into the entropy pool.  On a server with no one on the console,
not much randomness there.  Does anyone have a solution for
adding randomness to the pool that is secure?  It seems that
there is a pretty big concern in the security community about
adding stuff that can be monitored remotely and used to
calc (guess?) the random bits used to calculate the keys.

I am continuing to look and learn but any pointers are
appreciated.

Bret



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
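
The hang described in this thread (a key generator waiting on /dev/random) can be confirmed without hanging yourself by reading the device in non-blocking mode. The following is an added example, not part of the original message or of FreeS/WAN; the function names are hypothetical, and it assumes that "ranbits 256" asks for 256 bits (32 bytes) and that the kernel exposes its estimate at /proc/sys/kernel/random/entropy_avail.

```python
import os


def probe_fd(fd, want):
    """Try to read `want` bytes from fd without blocking.

    Returns (bytes_obtained, would_block). would_block is True when the
    source had nothing to give, i.e. a blocking reader would sit and wait.
    """
    os.set_blocking(fd, False)
    try:
        data = os.read(fd, want)
    except BlockingIOError:          # EAGAIN: pool is empty right now
        return 0, True
    return len(data), False


def entropy_avail(path="/proc/sys/kernel/random/entropy_avail"):
    """Kernel's current entropy estimate in bits, or None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def diagnose(bits, device="/dev/random"):
    """Report whether a request for `bits` random bits can be met now.

    Note: a successful read consumes entropy from the pool it measures.
    """
    want = (bits + 7) // 8
    before = entropy_avail()         # sample the estimate before draining it
    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    try:
        got, empty = probe_fd(fd, want)
    finally:
        os.close(fd)
    return {
        "wanted_bytes": want,
        "got_bytes": got,
        # A short read also stalls a reader that insists on all the bytes.
        "reader_would_stall": empty or got < want,
        "entropy_avail_bits": before,
    }


if __name__ == "__main__":
    # Same request size assumed for "ranbits 256" in the thread.
    print(diagnose(256))
```

If `reader_would_stall` is true while the key generator is hung, the process is waiting on the entropy pool rather than on a build problem.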
