From owner-freebsd-java@FreeBSD.ORG  Tue Oct 21 08:46:22 2003
Return-Path: <owner-freebsd-java@FreeBSD.ORG>
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E11B916A4B3
	for <freebsd-java@freebsd.org>; Tue, 21 Oct 2003 08:46:21 -0700 (PDT)
Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk
	[81.2.69.218])	by mx1.FreeBSD.org (Postfix) with ESMTP id 09EF243FBD
	for <freebsd-java@freebsd.org>; Tue, 21 Oct 2003 08:46:18 -0700 (PDT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1])
	h9LFk3DK097406
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 21 Oct 2003 16:46:13 +0100 (BST)
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)id h9LFk3YO097405;
	Tue, 21 Oct 2003 16:46:03 +0100 (BST)	(envelope-from matthew)
Date: Tue, 21 Oct 2003 16:46:03 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Daniel Fisher <daniel.fisher@vt.edu>
Message-ID: <20031021154603.GC94995@happy-idiot-talk.infracaninophile.co.uk>
Mail-Followup-To: Daniel Fisher <daniel.fisher@vt.edu>,
	freebsd-java@freebsd.org
References: <3F93E062.3030401@fork.pl>
	<20031020110839.54f1f3c8.daniel.fisher@vt.edu>
	<20031020232351.GA58090@misty.eyesbeyond.com>
	<20031021111743.44ea9b25.daniel.fisher@vt.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ghzN8eJ9Qlbqn3iT"
Content-Disposition: inline
In-Reply-To: <20031021111743.44ea9b25.daniel.fisher@vt.edu>
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	happy-idiot-talk.infracaninophile.co.uk
cc: freebsd-java@freebsd.org
Subject: Re: file:/dev/random generated exception: null
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting Java to FreeBSD <freebsd-java.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-java>
List-Post: <mailto:freebsd-java@freebsd.org>
List-Help: <mailto:freebsd-java-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2003 15:46:22 -0000


--ghzN8eJ9Qlbqn3iT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 21, 2003 at 11:17:43AM -0400, Daniel Fisher wrote:
> On Mon, 20 Oct 2003 17:23:51 -0600
> Greg Lewis <glewis@eyesbeyond.com> wrote:
>=20
> > On Mon, Oct 20, 2003 at 11:08:39AM -0400, Daniel Fisher wrote:
> > > Looks like you ran out of random bytes in /dev/random, which is not
> > > uncommon.
> > > If you want to avoid this error use /dev/urandom.
> > > -Djava.security.egd=3Dfile:/dev/urandom
> >=20
> > However, doing so will get you much lower quality random numbers.
> > Depending on how much you value security this may not be acceptable.
> > I'd try rndcontrol(8) first, as Alexey mentioned.
>=20
> In my experience /dev/urandom is the only way to guarantee that ssl
> connections do not fail due to lack of random bytes.
> This is a common problem on servers which make a lot of separate ssl
> connections and cannot gather enough entropy to keep up.
> However, if the load on your application allows using /dev/random you
> should do so.
> Just keep in mind you may see these errors every so often.
> There are also other ways to gather entropy, but I can't vouch for them:
> http://egd.sourceforge.net/

egd just does in user space essentially what the kernel does in kernel
space to provide the entropy used for /dev/random.

If your system is a heavy user of randomness, and normal interrupt
activity isn't enough to keep up with demand, then you'll have to
provide an external source of randomness.  Some motherboard chipsets
nowadays have a built in random source -- which is just a diode that
gives you a 50-50 chance of being conductive at any time -- or you can
use certain Crypto accelerator cards: see ubsec(4) and hifn(4).

Alternatively this is the excuse you need to requisition that lava
lamp without which no contemporary machine room could be considered
complete...

    http://www.lavarnd.org/

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--ghzN8eJ9Qlbqn3iT
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/lVS7dtESqEQa7a0RAobQAKCIkrqF7TwYvskN2nekc6hziToftgCcDPyq
fLHQpFOfpsF5jDYmoBCGr04=
=fUFx
-----END PGP SIGNATURE-----

--ghzN8eJ9Qlbqn3iT--