  justin Australian join:1999-05-28 Brooklyn, NY
| I've run out of entropy!
What weirdness lurks inside the kernel nowadays!
»www.number.ch/wiki/index.php/Lin···ySources
One of the servers here had this problem. As a result, apache 2 would not start (it just hung). It took some head scratching to find the problem .. /dev/random had run out of randomness
The machine, while keyboard and mouseless, has plenty of activity. How weird.
I had to symlink urandom to random to fix the problem, "typing furiously" was not an option. |
|
  deblin Dark Side of the Moon Premium,MVM join:2001-09-01 Middletown, DE
| Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access?
That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy.
Are you planning on patching the kernel to include network interrupt support entropy? -- "Talk is cheap because the supply is greater than the demand" - Shelby Friedman |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA | reply to justin Why not use the Post Jail as a source of entropy?  |
|
  justin Australian join:1999-05-28 Brooklyn, NY | reply to deblin the server isn't used for SSL so I'm ok with urandom. Rebuilding a kernel for this problem is something I'd rather wait for a better excuse to do. |
|
  deblin Dark Side of the Moon Premium,MVM join:2001-09-01 Middletown, DE
| reply to Steve
said by Steve :Why not use the Post Jail as a source of entropy?
hahaha -- "Talk is cheap because the supply is greater than the demand" - Shelby Friedman |
|
  BeesTea Network Janitor Premium,VIP join:2003-03-08 00000
| reply to justin
said by justin :I had to symlink urandom to random to fix the problem, "typing furiously" was not an option.
You might have thought of this already, but check to see if your chipset has a hwrand. /dev/hwrandom works very well on my xeon systems. -- Never surrender, never go down. |
|
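A way to check for the condition discussed in the posts above, added here as an example and not posted by anyone in the thread: it reads the kernel's entropy estimate, notes whether /dev/random has been replaced by a symlink, and looks for a hardware RNG registered with the kernel's hw_random framework. The `ROOT` prefix argument and the `LOW_WATER` threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report the state of the Linux kernel entropy pool.
# ROOT is a hypothetical prefix so the checks can be pointed at a
# constructed directory tree; pass "" to inspect the live system.
# LOW_WATER is an assumed threshold in bits, not a kernel constant.
LOW_WATER=${LOW_WATER:-200}

entropy_report() {
    root=$1
    avail_file="$root/proc/sys/kernel/random/entropy_avail"
    rng_file="$root/sys/class/misc/hw_random/rng_available"
    status=ok

    # 1. How many bits the kernel currently credits to the pool.
    if [ -r "$avail_file" ]; then
        avail=$(cat "$avail_file")
        echo "entropy_avail=$avail"
        if [ "$avail" -lt "$LOW_WATER" ]; then
            echo "WARN: pool below $LOW_WATER bits; blocking reads of /dev/random may hang"
            status=low
        fi
    else
        echo "WARN: cannot read $avail_file"
        status=unknown
    fi

    # 2. Has /dev/random been replaced by a symlink (the urandom workaround)?
    if [ -L "$root/dev/random" ]; then
        echo "NOTE: /dev/random is a symlink to $(readlink "$root/dev/random")"
        status="$status,symlinked"
    fi

    # 3. Does the hw_random framework list a hardware RNG?
    if [ -s "$rng_file" ] && [ -n "$(tr -d ' \n' < "$rng_file")" ]; then
        echo "hwrng available: $(cat "$rng_file")"
        status="$status,hwrng"
    fi

    echo "status=$status"
}

# Inspect the live system, or the tree given as the first argument.
entropy_report "${1:-}"
```

On kernels 5.6 and later /dev/random no longer blocks once the pool has been initialised, so the low-pool warning matters mainly on older kernels.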
  sempergoofy Premium join:2001-07-06 Smyrna, GA
·AT&T Southeast
| reply to deblin
said by deblin :Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access? That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy. Are you planning on patching the kernel to include network interrupt support entropy?
For long key generation on a "headless/keyboardless/mouseless" system needing entropy bits from /dev/random, I have usually cranked up a few concurrent backgrounded dd commands from /dev/sda and other scsi devices targeted to /dev/null. I would presume (perhaps mistakenly) that doing similar with IDE drives would give the same results.
dd if=/dev/sda of=/dev/null bs=1024k &
dd if=/dev/sdb of=/dev/null bs=1024k &
# do work needing to read from /dev/random here
There needs to be multiple concurrent of these running, otherwise one could make a stronger case that the randomness was not random because the sectors were always ascending from one drive.
-- nohup rm -fr /& |
|
  kleeman Australian Expat
join:2000-07-29 Nyack, NY | reply to justin Obviously the 2nd Law doesn't work for OS operation. Sorry couldn't resist.... |
|
 dave Premium,MVM join:2000-05-04 not in ohio | Sure it does. The developers are busily moving all of the disorder out of the kernel and concentrating it in other places. Web browser development, for example. Or 'linux distribution package formats', maybe. |
|
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ
·Optimum Online
| reply to justin Is there something similar to the sysctl mibs mentioned here?
»www.freebsd.org/cgi/man.cgi?quer···mat=html
I had some application that slips my mind now that wanted "more randomness" and I was able to tell it to look at specific IRQs - I picked both disk controllers and network cards. -- Day dreaming days in a daydream nation |
|
  justin Australian join:1999-05-28 Brooklyn, NY | as far as I know you have to recompile the kernel, usually to specify ethernet as a source of randomness. |
|
 ghost16825 Use security metrics Premium join:2003-08-26
| reply to justin Somewhat related: Kernel developments and entropy from network cards »blogs.securiteam.com/index.php/archives/473 -- The previous signature has been removed due to recent and continuing website "ownership" issues. |
|