On Thu, Nov 11, 1999, Steve Freitas wrote:
> > # Pseudo Random Number Generator (PRNG):
> > # Configure one or more sources to seed the PRNG of the
> > # SSL library. The seed data should be of good random quality.
> >+# WARNING! On some platforms /dev/random blocks if not enough entropy
> >+# is available. This means you then cannot use the /dev/random device
> >+# because it would lead to very long connection times (as long as
> >+# it requires to make more entropy available). But usually those
> >+# platforms additionally provide a /dev/urandom device which doesn't
> >+# block. So, if available, use this one instead. Read the mod_ssl User
> >+# Manual for more details.
>
> AH-HA!
>
> I've been fighting miscellaneous pauses on my machine for a while now (RH
> 6.1 i386). It would pause sometimes when I'd hit my webserver's frontpage
> (where among other things a random number gets generated), sometimes when
> I'd login with SSH (where it grabs a random for its encryption,
> presumably), etc.
>
> So I did a simple "more /dev/random", and it sat there pausing until I
> popped up a menu in Gnome. As I spaced down, it kept pausing until I
> generated activity. "more /dev/urandom" generated no such pauses.
>
> Given that my machine is pausing all over the place (Apache, SSH,
> Sendmail, etc.), is there a way to generate entropy to prevent random
> from blocking? Having to change all that sourcecode would be excessive
> and well beyond my skill.
Usually any type of system activity adds entropy, ranging from disk I/O to
input on keyboards and other devices. As an easy workaround you perhaps could
try to make /dev/random a link to /dev/random ;) Then you don't have your
programs to recompile. But be aware that /dev/urandom produces not as good
random values as /dev/random, of course...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]