Date:      Tue, 21 Oct 2003 16:46:03 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Daniel Fisher <daniel.fisher@vt.edu>
Cc:        freebsd-java@freebsd.org
Subject:   Re: file:/dev/random generated exception: null
Message-ID:  <20031021154603.GC94995@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20031021111743.44ea9b25.daniel.fisher@vt.edu>
References:  <3F93E062.3030401@fork.pl> <20031020110839.54f1f3c8.daniel.fisher@vt.edu> <20031020232351.GA58090@misty.eyesbeyond.com> <20031021111743.44ea9b25.daniel.fisher@vt.edu>


On Tue, Oct 21, 2003 at 11:17:43AM -0400, Daniel Fisher wrote:
> On Mon, 20 Oct 2003 17:23:51 -0600
> Greg Lewis <glewis@eyesbeyond.com> wrote:
>
> > On Mon, Oct 20, 2003 at 11:08:39AM -0400, Daniel Fisher wrote:
> > > Looks like you ran out of random bytes in /dev/random, which is not
> > > uncommon.
> > > If you want to avoid this error use /dev/urandom.
> > > -Djava.security.egd=file:/dev/urandom
> >
> > However, doing so will get you much lower quality random numbers.
> > Depending on how much you value security this may not be acceptable.
> > I'd try rndcontrol(8) first, as Alexey mentioned.
>=20
> In my experience /dev/urandom is the only way to guarantee that ssl
> connections do not fail due to lack of random bytes.
> This is a common problem on servers which make a lot of separate ssl
> connections and cannot gather enough entropy to keep up.
> However, if the load on your application allows using /dev/random you
> should do so.
> Just keep in mind you may see these errors every so often.
> There are also other ways to gather entropy, but I can't vouch for them:
> http://egd.sourceforge.net/

egd just does in user space essentially what the kernel does in kernel
space to provide the entropy used for /dev/random.

If your system is a heavy user of randomness, and normal interrupt
activity isn't enough to keep up with demand, then you'll have to
provide an external source of randomness.  Some motherboard chipsets
nowadays have a built-in random source -- which is just a diode that
gives you a 50-50 chance of being conductive at any time -- or you can
use certain Crypto accelerator cards: see ubsec(4) and hifn(4).

Alternatively this is the excuse you need to requisition that lava
lamp without which no contemporary machine room could be considered
complete...

    http://www.lavarnd.org/

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK



