From owner-freebsd-questions Thu Nov 21 9:39:22 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A5BF37B401 for ; Thu, 21 Nov 2002 09:39:20 -0800 (PST) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC18A43E97 for ; Thu, 21 Nov 2002 09:39:18 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gALHdEx2076791 for ; Thu, 21 Nov 2002 17:39:14 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gALHd9iS076790 for freebsd-questions@FreeBSD.ORG; Thu, 21 Nov 2002 17:39:09 GMT Date: Thu, 21 Nov 2002 17:39:09 +0000 From: Matthew Seaman To: freebsd-questions@FreeBSD.ORG Subject: Re: How to Start the Random Number Generator Message-ID: <20021121173909.GB76311@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , freebsd-questions@FreeBSD.ORG References: <200211211654.gALGsXG30970@dc.cis.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200211211654.gALGsXG30970@dc.cis.okstate.edu> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-2.7 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_03_05, USER_AGENT,USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Nov 21, 2002 at 10:54:33AM -0600, Martin McCormick wrote: > I was directed to use rndcontrol to turn on various > interrupts in the random number generator such as the keyboard > and IDE controller interrupts and > the system would start to build an entropy pool. Rndcontrol > showed me that there were no interrupts being sampled right now > so I told it to look at IRQS 3, 14 and 15. Is this system usually very quiet? Not much IO going on, little network traffic? It could be that there's just nothing happening that can produce suitable random bits for /dev/random. You can get round that simply by generating some artificial activity. Eg. If you tell rndcontrol(8) to use the interrupts, say, for your hard drives, then you could produce some randomness by running a disk intensive process --- something like: cd /usr/ports make index would fit the bill. The other thing to do is look for processes that make excessive use of /dev/random or /dev/urandom and so exhaust the entropy pool faster than it can be filled up. > /dev/random does exist on the systems in question and > seems to return a null which is not what it is supposed to be > doing. /dev/random has a 1 in 256 chance of returning a null byte. If there's no entropy left, it should block until more becomes available. A handy way to test that /dev/random has data available is: dd if=/dev/random bs=1 count=64 | od -x which will read a maximum of 64 bytes at a time, or fewer if available entropy has been exhausted. Of course, running this command too often will exhaust the available entropy, but you can use it to get a feel for how quickly entropy is being generated by your system under different load conditions. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message