ghost16825
Use security metrics
Premium
join:2003-08-26
| reply to justin
Re: I've run out of entropy!
Somewhat related:
Kernel developments and entropy from network cards
»blogs.securiteam.com/index.php/archives/473
--
The previous signature has been removed due to recent and continuing website "ownership" issues. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | reply to sporkme
as far as I know you have to recompile the kernel, usually to specify ethernet as a source of randomness. |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
| reply to justin
Is there something similar to the sysctl mibs mentioned here?
»www.freebsd.org/cgi/man.cgi?quer···mat=html
I had some application that slips my mind now that wanted "more randomness" and I was able to tell it to look at specific IRQs - I picked both disk controllers and network cards.
--
Day dreaming days in a daydream nation |
|
dave
Premium,MVM
join:2000-05-04
not in ohio | reply to kleeman
Sure it does. The developers are busily moving all of the disorder out of the kernel and concentrating it in other places. Web browser development, for example. Or 'linux distribution package formats', maybe. |
|
kleeman
Australian Expat
join:2000-07-29
Nyack, NY | reply to justin
Obviously the 2nd Law doesn't work for OS operation. Sorry couldn't resist.... |
|
sempergoofy
Premium
join:2001-07-06
Smyrna, GA
 ·AT&T Southeast
| reply to deblin
said by deblin  :Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access? That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy. Are you planning on patching the kernel to include network interrupt support entropy? For long key generation on a "headless/keyboardless/mouseless" system needing entropy bits from /dev/random, I have ususally cranked up a few concurrent backgrounded dd commands from /dev/sda and other scsi devices targetted to /dev/null. I would presume (perhaps mistakenly) that doing similar with IDE drives would give the same results.
dd if=/dev/sda of=/dev/null bs=1024k &
dd if=/dev/sdb of=/dev/null bs=1024k &
# do work needing to read from /dev/random here
There needs to be multiple concurrent of these running, otherwise one could make a stronger case that the randomness was not random because the sectors were always ascending from one drive.
--
nohup rm -fr /& |
|
BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000
| reply to justin
said by justin :I had to symlink urandom to random to fix the problem, "typing furiously" was not an option. You might have thought of this already, but check to see if your chipset has a hwrand. /dev/hwrandom works very well on my xeon systems.
--
Never surrender, never go down. |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to Steve
said by Steve :Why not use the Post Jail as a source of entropy?  hahaha
--
"Talk is cheap because the supply is greater than the demand" - Shelby Friedman |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | reply to deblin
the server isn't used for SSL so I'm ok with urandom. Rebuilding a kernel for this problem is something I'd rather wait for a better excuse to do. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA | reply to justin
Why not use the Post Jail as a source of entropy? |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to justin
Hmm, seems like having alternative entropy sources would be something the kernel should include by default. Maybe it's been sufficient in the past to use hard drive access to build entropy? Or perhaps the particular kernel version is broken and not properly building entropy from hard drive access?
That article specifically says "IDE timings" and mentions using hdparm, but it's unclear whether it actually means only ATA/IDE hard drives are sensed for entropy or not. If the server has SCSI, I would hope it would still be useful to build entropy.
Are you planning on patching the kernel to include network interrupt support entropy?
--
"Talk is cheap because the supply is greater than the demand" - Shelby Friedman |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| What weirdness lurks inside the kernel nowadays!
»www.number.ch/wiki/index.php/Lin···ySources
One of the servers here had this problem. As a result, apache 2 would not start (it just hung). It took some head scratching to find the problem .. /dev/random had run out of randomness
The machine, while keyboard and mouseless, has plenty of activity. How weird.
I had to symlink urandom to random to fix the problem, "typing furiously" was not an option. |
|
