Re: Help, Help, I've ran out of entropy!

Wed, 01 Oct 2003 06:53:17 -0700 

On Wed, Oct 01, 2003 at 04:35:23PM +0300, Oded Arbel wrote:
> On Wednesday 01 October 2003 15:54, Muli Ben-Yehuda wrote:
> > On Wed, Oct 01, 2003 at 03:31:44PM +0300, Oded Arbel wrote:
> > > I'm having a problem with a server, where apparently I don't have any
> > > entropy left in /dev/random :
> > > # sysctl -A | grep random
> > > kernel.random.entropy_avail = 0
> 
> > Why not use /dev/urandom? that one never blocks.
> 
> 1. its lower quality

I don't know what's your application, but I really doubt it matters. 

> 2. Its not my software, and I don't feel like messing around with the source 
> code right now. I'll do that if I'll have no choice, but seeing as /dev/
> random is important to have, I though I'd try to deal with the source of the 
> problem first.

Unix 101: use a symlink. Even better, recreate /dev/random with
/dev/urandom's minor number for this application. 

> > It's possile, yes. Looking at the code (2.4.23-pre5, but I doubt there
> > were major changes in this area in the vanilla kernels), 
> 
> I'm not using vanilla - I prefer buttermilk myself, but I have grsecurity 
> patches. AFAIK, grsecurity shouldn't turn off any entropy generation - it 
> relies on good quality entropy pool to add more randomacity to stuff the 
> kernel does.

Have you verified that it's not doing anything fishy? 

> > the relevant 
> > function is add_blkdev_randomness, which works at the block layer, not
> > the file system layer, so it doesn't have much to do with
> > reiserfs. 
> 
> Then, could you please offer a hypothesis as to why my dev/random is
> empty ?

Something exhausted it, or its not getting filled enough. You can
trace calls to it to rule out or confirm #1, or you can find out what
exactly replenishes it with your current kernel, and then cause it to
be replenished. Sorry I can't be more specific. 

> > Quoting from drivers/char/random.c for ways for you to 
> > generate entropy:
> 
> As I understand these need to be implemented in the kernel, at the device 
> level. is it possible that some are "turned off" or something ?

Unlikely in the vanilla kernel, don't know about your kernel. 
-- 
Muli Ben-Yehuda
http://www.mulix.org

Attachment: signature.asc
Description: Digital signature

Reply via email to