Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » I've run out of entropy!
Uniqs:
492		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
How do I not start X for login screen? »
« How to install VMWare on PCLinuxOS  

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

I've run out of entropy!

What weirdness lurks inside the kernel nowadays!

»www.number.ch/wiki/index.php/Lin···ySources

One of the servers here had this problem. As a result, apache 2 would not start (it just hung). It took some head scratching to find the problem .. /dev/random had run out of randomness

The machine, while keyboard and mouseless, has plenty of activity. How weird.

I had to symlink urandom to random to fix the problem, "typing furiously" was not an option.
permalink · 2006-06-21 12:33:39 · Print · Reply to this

deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE

Re: I've run out of entropy!

Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access?

That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy.

Are you planning on patching the kernel to include network interrupt support entropy?
--
"Talk is cheap because the supply is greater than the demand" - Shelby Friedman
permalink · 2006-06-21 12:40:20 · Print · Reply to this

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: I've run out of entropy!

the server isn't used for SSL so I'm ok with urandom. Rebuilding a kernel for this problem is something I'd rather wait for a better excuse to do.
permalink · 2006-06-21 12:52:21 · Reply to this

sempergoofy
Premium
join:2001-07-06
Smyrna, GA
·AT&T Southeast

said by deblin See Profile :

Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access?

That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy.

Are you planning on patching the kernel to include network interrupt support entropy?
For long key generation on a "headless/keyboardless/mouseless" system needing entropy bits from /dev/random, I have ususally cranked up a few concurrent backgrounded dd commands from /dev/sda and other scsi devices targetted to /dev/null. I would presume (perhaps mistakenly) that doing similar with IDE drives would give the same results.
dd if=/dev/sda of=/dev/null bs=1024k &
dd if=/dev/sdb of=/dev/null bs=1024k &
# do work needing to read from /dev/random here

There needs to be multiple concurrent of these running, otherwise one could make a stronger case that the randomness was not random because the sectors were always ascending from one drive.

--
nohup rm -fr /&
permalink · 2006-06-21 15:00:51 · Print · Reply to this

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA		 Why not use the Post Jail as a source of entropy?
permalink · 2006-06-21 12:51:51 · Reply to this

deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE

Re: I've run out of entropy!

said by Steve See Profile :

Why not use the Post Jail as a source of entropy?
hahaha
--
"Talk is cheap because the supply is greater than the demand" - Shelby Friedman
permalink · 2006-06-21 12:56:11 · Reply to this

BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000
said by justin See Profile :

I had to symlink urandom to random to fix the problem, "typing furiously" was not an option.
You might have thought of this already, but check to see if your chipset has a hwrand. /dev/hwrandom works very well on my xeon systems.
--
Never surrender, never go down.
permalink · 2006-06-21 13:08:26 · Reply to this

kleeman
Australian Expat

join:2000-07-29
Nyack, NY		 Obviously the 2nd Law doesn't work for OS operation. Sorry couldn't resist....
permalink · 2006-06-21 15:13:01 · Reply to this
dave
Premium,MVM
join:2000-05-04
not in ohio

Re: I've run out of entropy!

Sure it does. The developers are busily moving all of the disorder out of the kernel and concentrating it in other places. Web browser development, for example. Or 'linux distribution package formats', maybe.
permalink · 2006-06-21 15:55:19 · Reply to this

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online

 Is there something similar to the sysctl mibs mentioned here?

»www.freebsd.org/cgi/man.cgi?quer···mat=html

I had some application that slips my mind now that wanted "more randomness" and I was able to tell it to look at specific IRQs - I picked both disk controllers and network cards.
--
Day dreaming days in a daydream nation
permalink · 2006-06-21 19:31:53 · Print · Reply to this

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: I've run out of entropy!

as far as I know you have to recompile the kernel, usually to specify ethernet as a source of randomness.
permalink · 2006-06-21 20:05:20 · Reply to this
ghost16825
Use security metrics
Premium
join:2003-08-26

 Somewhat related:
Kernel developments and entropy from network cards
»blogs.securiteam.com/index.php/archives/473
--
The previous signature has been removed due to recent and continuing website "ownership" issues.
permalink · 2006-06-25 22:20:10 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixHow do I not start X for login screen? »
« How to install VMWare on PCLinuxOS  

Saturday, 28-Nov 20:00:36 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [66] Weekend Open Thread
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Why would I want an e reader? [General Questions]
· Gizmo5 has added a Google Voice section in its members area. [VOIP Tech Chat]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· how to use the 2nd line with phone hooked to the 1st line? [VOIP Tech Chat]
· [Newsgroups] Newzleech down? [Filesharing Software]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· ToC 4th boss - Preliminary Strategy for Twin Valkyr [World of Warcraft]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]
· Digital Transport Adapter Unboxing Photos [Comcast Cable TV]