On 04/24/2014 08:39 AM, Paul Wouters wrote:
> On Thu, 24 Apr 2014, Florian Weimer wrote:
>
>> I don't think "openssl genrsa 2048" has this issue on today's
>> machines.  (I know I saw it with GNUTLS.)
>
> I was sceptical, so I tried this on a freshly booted VM:
>
> root@bofh:~# virsh start north
> Domain north started
> root@bofh:~# ssh root@north
> Last login: Wed Apr 23 11:54:46 2014
> [root@north ~]# time openssl genrsa 2048
> [...]
> real    0m0.382s
> user    0m0.267s
> sys    0m0.003s
>
> Call me very surprised! We finally have real entropy in VMs now. Good news!

That is surprising; I wonder if it's using /dev/random or /dev/urandom. Twice I've done an install of FreeIPA on a freshly installed VM, and both times it wouldn't start. I finally figured out that named needs to read from /dev/random when starting up the first time, and it wasn't getting anything. The first time, I ran the command manually, telling it to use /dev/urandom. The second time, I ran it manually and did a lot of filesystem and network access, hoping that it would generate entropy, which it did seem to do, as the command ran successfully.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
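
The first-boot stall on /dev/random described in the message above can be checked before starting a service. This is an added example, not part of the original thread: the helper names and the 256-bit threshold are assumptions, and the two paths are the standard Linux procfs/sysfs locations.

```python
import os

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # pool estimate in bits
HWRNG_CURRENT = "/sys/class/misc/hw_random/rng_current"  # active hardware RNG

def read_text(path):
    """Return the stripped contents of a small procfs/sysfs file, or None."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def would_block(device="/dev/random", nbytes=16):
    """True if a read cannot return nbytes now, False if it can, None if unopenable."""
    try:
        fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        return len(os.read(fd, nbytes)) < nbytes
    except BlockingIOError:
        # EAGAIN: the pool is empty and a normal read would hang here.
        return True
    finally:
        os.close(fd)

def assess(entropy_bits, blocked, hwrng, threshold=256):
    """Return (state, has_hwrng); threshold is an assumed cut-off, not a kernel constant."""
    has_hwrng = hwrng not in (None, "", "none")
    if blocked:
        state = "starved"      # a first-start reader of /dev/random would stall
    elif entropy_bits is not None and entropy_bits < threshold:
        state = "low"
    elif blocked is None and entropy_bits is None:
        state = "unknown"      # neither source readable (non-Linux, sandbox)
    else:
        state = "ok"
    return state, has_hwrng

def report():
    """Assess the running system from the kernel's own counters."""
    raw = read_text(ENTROPY_AVAIL)
    bits = int(raw) if raw and raw.isdigit() else None
    return assess(bits, would_block(), read_text(HWRNG_CURRENT))

if __name__ == "__main__":
    print(report())
```

A "starved" or "low" result with no hardware RNG attached points at the guest configuration (for example, no virtio-rng device) rather than at the service that hangs.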
