Date: Tue, 21 Oct 2003 16:46:03 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Daniel Fisher <daniel.fisher@vt.edu>
Cc: freebsd-java@freebsd.org
Subject: Re: file:/dev/random generated exception: null
Message-ID: <20031021154603.GC94995@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20031021111743.44ea9b25.daniel.fisher@vt.edu>
References: <3F93E062.3030401@fork.pl> <20031020110839.54f1f3c8.daniel.fisher@vt.edu> <20031020232351.GA58090@misty.eyesbeyond.com> <20031021111743.44ea9b25.daniel.fisher@vt.edu>

On Tue, Oct 21, 2003 at 11:17:43AM -0400, Daniel Fisher wrote:
> On Mon, 20 Oct 2003 17:23:51 -0600
> Greg Lewis <glewis@eyesbeyond.com> wrote:
>
> > On Mon, Oct 20, 2003 at 11:08:39AM -0400, Daniel Fisher wrote:
> > > Looks like you ran out of random bytes in /dev/random, which is not
> > > uncommon.
> > > If you want to avoid this error use /dev/urandom.
> > > -Djava.security.egd=file:/dev/urandom
> >
> > However, doing so will get you much lower quality random numbers.
> > Depending on how much you value security this may not be acceptable.
> > I'd try rndcontrol(8) first, as Alexey mentioned.
>
> In my experience /dev/urandom is the only way to guarantee that ssl
> connections do not fail due to lack of random bytes.
> This is a common problem on servers which make a lot of separate ssl
> connections and cannot gather enough entropy to keep up.
> However, if the load on your application allows using /dev/random you
> should do so.
> Just keep in mind you may see these errors every so often.
> There are also other ways to gather entropy, but I can't vouch for them:
> http://egd.sourceforge.net/

egd just does in user space essentially what the kernel does in kernel
space to provide the entropy used for /dev/random.

If your system is a heavy user of randomness, and normal interrupt
activity isn't enough to keep up with demand, then you'll have to
provide an external source of randomness. Some motherboard chipsets
nowadays have a built in random source -- which is just a diode that
gives you a 50-50 chance of being conductive at any time -- or you can
use certain Crypto accelerator cards: see ubsec(4) and hifn(4).

Alternatively this is the excuse you need to requisition that lava
lamp without which no contemporary machine room could be considered
complete... http://www.lavarnd.org/

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK