It takes me about 85 minutes to generate a 1024 bit key for dnssec. I'd like to install a random number generator to speed the process up. Do you have any suggestions, recommendations or reviews that I might consider?
thanks, -Marcus On Sat, Aug 30, 2008 at 8:17 PM, Mark Andrews <[EMAIL PROTECTED]> wrote: > >> On Sun, 31 Aug 2008 02:40:36 you wrote: >> > > Hello all- >> > > >> > > The following command- >> > > >> > > /usr/local/sbin/dnssec-keygen -r /dev/random -f KSK -a RSASHA1 -b 1024 -n >> > > ZON E >> > > example.com >> > > >> > > stalls. The system is Slackware Linux 12.1 with kernel 2.6.23-11. >> > > >> > > Michael >> > >> > You need to cause the kernel to gather entropy. The way to >> > do that is to make the kernel do work. >> > >> > e.g. >> > ls -R / >> >> While this does increase the entropy to over 3,000, it still doesn't work (an >> d >> the entropy sinks within a few seconds anyway) > > When generating large keys I just keep running "ls -R /" until the > key generation completes. You can also use the keyboard. Install > a hardware random number generator and configure the kernel to use > it (might require a OS change as I don't know if this is supported > under Linux). > > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] > > -- Marcus Morgan UF/OIT/CNS/NS/S [EMAIL PROTECTED]
