Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Nov 2002 17:39:09 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: How to Start the Random Number Generator
Message-ID:  <20021121173909.GB76311@happy-idiot-talk.infracaninophi>
In-Reply-To: <200211211654.gALGsXG30970@dc.cis.okstate.edu>
References:  <200211211654.gALGsXG30970@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Nov 21, 2002 at 10:54:33AM -0600, Martin McCormick wrote:

> 	I was directed to use rndcontrol to turn on various
> interrupts in the random number generator such as the keyboard
> and IDE controller interrupts and
> the system would start to build an entropy pool.  Rndcontrol
> showed me that there were no interrupts being sampled right now
> so I told it to look at IRQS 3, 14 and 15.

Is this system usually very quiet?  Not much IO going on, little
network traffic?  It could be that there's just nothing happening that
can produce suitable random bits for /dev/random.  You can get round
that simply by generating some artificial activity.  Eg. If you tell
rndcontrol(8) to use the interrupts, say, for your hard drives, then
you could produce some randomness by running a disk intensive process
--- something like:

    cd /usr/ports
    make index

would fit the bill.
 
The other thing to do is look for processes that make excessive use of
/dev/random or /dev/urandom and so exhaust the entropy pool faster
than it can be filled up.

>        /dev/random does exist on the systems in question and
> seems to return a null which is not what it is supposed to be
> doing.

/dev/random has a 1 in 256 chance of returning a null byte. If there's
no entropy left, it should block until more becomes available.  A
handy way to test that /dev/random has data available is:

    dd if=/dev/random bs=1 count=64 | od -x

which will read a maximum of 64 bytes at a time, or fewer if available
entropy has been exhausted.  Of course, running this command too often
will exhaust the available entropy, but you can use it to get a feel
for how quickly entropy is being generated by your system under
different load conditions.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021121173909.GB76311>