Thread: /dev/random entropy

  1. #1
    Join Date
    Jul 2007
    Posts
    6

    /dev/random entropy

    I was wondering if anyone has experienced problems with /dev/random running out of entropy.

    I have had problems with apache blocking for long periods of time with this log message:
    Digest: generating secret for digest authentication ...
    which I found out from raptorized.com/?p=70 was due to /dev/random not having enough entropy.

    I ended up using lighttpd instead, so this isn't a problem, but now I am trying to use dkfilter and it is blocking for long periods of time. I think it's the same problem, dkfilter or perl is blocking on /dev/random. Has anyone experienced a similar situation?

    Brian

  2. #2

    My dropbear sshd has been complaining about a lack of entropy in Debian... hasn't seemed to cause any serious problems, just a few extra log entries when I try to log in. I suppose if there were more ssh users than just myself though it might become a problem. Though looking closer at the logs, it appears that this could be causing some logins to take around 10 sec from the point of the entropy message being generated, to the point of successful pubkey message... not good :/

    Warning: Reading the random source seems to have blocked. If you experience problems, you probably need to find a better entropy source.

  3. #3
    Join Date
    Oct 2006
    Posts
    59

    This problem is the result of having multiple servers using up all of the entropy on the server. The recommended fix is to make your applications use /dev/urandom as a source of entropy. If your application does not allow you to set the source of entropy manually, then you will have to move /dev/random to a backup, and symlink /dev/random to /dev/urandom like so:

    mv /dev/random /dev/chaos
    ln -s /dev/urandom /dev/random

    Max V.
    VPSLink Support
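
A way to check the state described in the posts above before or after applying the workaround, as an added example that is not part of the original thread: it reads the kernel's entropy estimate, reports whether /dev/random is still a real device node or a symlink, and lists which processes hold /dev/random open. The function names and the 200-bit threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the functions
# can be pointed at a fixture; the defaults are the standard Linux locations.

# Kernel's current entropy estimate, in bits.
entropy_avail() {
    cat "${1:-/proc/sys/kernel/random/entropy_avail}"
}

# Succeeds when the estimate is below a threshold. The 200-bit default is an
# assumption chosen for illustration, not a kernel constant.
entropy_low() {
    bits=$(entropy_avail "$1") || return 2
    [ "$bits" -lt "${2:-200}" ]
}

# "symlink:<target>" if the node was replaced as in post #3, "chardev" for a
# real device node, "other" for anything else.
random_node_kind() {
    node="${1:-/dev/random}"
    if [ -L "$node" ]; then
        echo "symlink:$(readlink "$node")"
    elif [ -c "$node" ]; then
        echo "chardev"
    else
        echo "other"
    fi
}

# PIDs holding an open descriptor on the device, found by resolving the
# <procdir>/<pid>/fd/* symlinks. Sorted numerically, one per line.
random_readers() {
    dev="${1:-/dev/random}"; proc="${2:-/proc}"
    for fd in "$proc"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue
        if [ "$(readlink "$fd" 2>/dev/null)" = "$dev" ]; then
            rest="${fd#"$proc"/}"; echo "${rest%%/*}"
        fi
    done | sort -un
}

entropy_report() {
    echo "entropy_avail: $(entropy_avail) bits"
    echo "/dev/random:   $(random_node_kind)"
    echo "readers:       $(random_readers | tr '\n' ' ')"
}
```

Source the file and call `entropy_report` as root so that other users' fd entries under /proc are readable. Once /dev/random is a symlink, descriptors resolve to /dev/urandom, so pass that path to `random_readers` instead.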

  4. #4
    Join Date
    Mar 2008
    Posts
    1

    Perhaps this should say "workaround" rather than "fix". A fix is a lot harder. One way (in the short term) is to install a daemon feeding data from a microphone into /dev/random - many computers have a microphone built in somewhere or other, even if you never needed one. Fundamentally, it's a problem with how /dev/random is implemented and used - entropy runs out far too quickly.

    (sorry to add this note so long after the question! but perhaps it will be useful to people stumbling onto this page.)

  5. #5
    Join Date
    Nov 2006
    Location
    Ukraine
    Posts
    134

    I'm pretty sure there are no microphones in servers