Using /dev/urandom to feed entropy to /dev/random is an incredibly bad idea. It may get you moving again, but basically your key material will be far weaker, because the system thinks you’re giving it entropy, when in fact the entropy associated with /dev/urandom is non-existent, except for the entropy that it consumes (from /dev/random!!).
If you have a microphone, then feeding white noise into it from /dev/audio recording is better.

 - Garrett

On Thu, Mar 23, 2017 at 2:52 PM, ryan nelson <[email protected]> wrote:

> I'll second this recommendation, with a slight tweak:
> Instead of configuring your server/service to *always* use /dev/urandom ,
> you might want to leave it using /dev/random , but "inject" some randomness
> to get /dev/urandom up-to-speed faster.
>
> I've had to do this for vm's that were very-recently-launched, to get
> "openvpn --genkey" to work without a long delay like you've seen with
> tomcat startup.
>
> I sped things up with a one-time command of:
> "dd if=/dev/urandom of=/dev/random bs=1024k count=20"
> ... you can pick your own source of "random enough" data to
> cat > /dev/random to get its entropy "filled up" quicker
> (with the caveat that you realize what you're doing when you do this, and
> accept the risk)
>
>
> On Thu, Mar 23, 2017 at 9:32 AM, Garrett D'Amore <[email protected]>
> wrote:
>
>> Actually, the first is a better solution in general. Even PV devices can
>> generate entropy more slowly; unless you have a very specific need for
>> concrete amounts of raw entropy, /dev/urandom is much to be preferred. The
>> /dev/random device can block anytime the rate of entropy consumption
>> exceeds the rate of production.
>>
>> (However, /dev/random *should* be used if you’re going to seed other pRNG
>> based key generators. Doing that is generally discouraged if you have a
>> reasonable /dev/urandom implementation though, since /dev/urandom allows
>> for new entropy to be added to the pool over time, whereas other pRNGs
>> generally never increase their entropy.)
>>
>>
>> - Garrett
>>
>> On Thu, Mar 23, 2017 at 9:23 AM, Michele Codutti via smartos-discuss <
>> [email protected]> wrote:
>>
>>> Hi all. Recently I noticed that the tomcat web server had long startup
>>> times when it runs inside a KVM linux machine.
>>> It seems that the problem resides in the fact that the /dev/random
>>> produces entropy very slowly.
>>> I have found two solutions of this problem:
>>> 1. Configure tomcat to use /dev/urandom
>>> 2. Use the virtio-rng paravirtual device (if it is implemented in the
>>> KVM port in SmartOS). <http://rhelblog.redhat.com/20
>>> red-hat-enterprise-linux-virtual-machines-access-to
>>> -random-numbers-made-easy/>
>>> The first solution is quick and dirty.
>>> The second seems more robust but I need to configure a KVM machine with
>>> that paravirtual device.
>>> I had not found any documentation about that topic in the (SmartOS)
>>> wiki. Googling was not useful.
>>> Can someone give me at least some directions?
>>> Thanks in advance
>>>
>>> Michele
>>>
>>
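
A read-only check for the Linux guest discussed in this thread, added here as an example and not part of any poster's message: it reports the kernel's entropy estimate and whether a virtio-rng device is the active hardware RNG. The 200-bit threshold, the optional root-directory argument, the ROOT variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect a Linux guest's entropy state without writing to
# /dev/random. Each function takes an optional root directory so it can be
# pointed at a copy of /proc and /sys; with no argument it reads the live system.

LOW_WATERMARK=200   # assumed "low" threshold in bits, not a kernel constant

# Print the kernel's entropy estimate in bits; fail if it cannot be read.
entropy_avail() {
    f="${1:-}/proc/sys/kernel/random/entropy_avail"
    [ -r "$f" ] || return 1
    cat "$f"
}

# Print the active hardware RNG (e.g. virtio_rng.0), or "none" if absent.
rng_current() {
    f="${1:-}/sys/class/misc/hw_random/rng_current"
    if [ -r "$f" ]; then
        cur=$(cat "$f")
        [ -n "$cur" ] && { echo "$cur"; return 0; }
    fi
    echo none
}

# Classify the guest as one of:
#   ok | starved-with-virtio-rng | starved-other-hwrng | starved-no-hwrng | unknown
assess() {
    root="${1:-}"
    bits=$(entropy_avail "$root") || { echo unknown; return 0; }
    case "$bits" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain number
    esac
    rng=$(rng_current "$root")
    if [ "$bits" -ge "$LOW_WATERMARK" ]; then
        echo ok
        return 0
    fi
    case "$rng" in
        virtio_rng*) echo starved-with-virtio-rng ;;  # device present, pool still low
        none)        echo starved-no-hwrng ;;         # nothing feeding the pool
        *)           echo starved-other-hwrng ;;
    esac
}

# Report on the running system (or on $ROOT if set).
assess "${ROOT:-}"
```
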
