I have understood the problem.
I think that I will use urandom as much as possible.
Thank you all!

> On 24 Mar 2017, at 08:45, Garrett D'Amore <[email protected]> wrote:
> 
> Using /dev/urandom to feed entropy to /dev/random is an incredibly bad idea.  
> It may get you moving again, but basically your key material will be far 
> weaker, because the system thinks you’re giving it entropy, when in fact the 
> entropy associated with /dev/urandom is non-existent, except for the entropy 
> that it consumes (from /dev/random!!).
> 
> If you have a microphone, then feeding white noise into it from  /dev/audio 
> recording is better.
> 
> -  Garrett
> 
> On Thu, Mar 23, 2017 at 2:52 PM, ryan nelson <[email protected]> wrote:
> I'll second this recommendation, with a slight tweak:
> Instead of configuring your server/service to *always* use /dev/urandom , you 
> might want to leave it using /dev/random , but "inject" some randomness to 
> get /dev/urandom up-to-speed faster.
> 
> I've had to do this for VMs that were very-recently-launched, to get 
> "openvpn --genkey" to work without a long delay like you've seen with tomcat 
> startup.
> 
> I sped things up with a one-time command of:
> "dd if=/dev/urandom of=/dev/random bs=1024k count=20"
>  ... you can pick your own source of "random enough" data to cat > 
> /dev/random to get its entropy "filled up" quicker
> (with the caveat that you realize what you're doing when you do this, and 
> accept the risk)
> 
> On Thu, Mar 23, 2017 at 9:32 AM, Garrett D'Amore <[email protected]> wrote:
> Actually, the first is a better solution in general.  Even PV devices can 
> generate entropy more slowly; unless you have a very specific need for 
> concrete amounts of raw entropy, /dev/urandom is much to be preferred.  The 
> /dev/random device can block anytime the rate of entropy consumption exceeds 
> the rate of production.
> 
> (However, /dev/random *should* be used if you’re going to seed other pRNG 
> based key generators.  Doing that is generally discouraged if you have a 
> reasonable /dev/urandom implementation though, since /dev/urandom allows for 
> new entropy to be added to the pool over time, whereas other pRNGs generally 
> never increase their entropy.)
> 
> -  Garrett
> 
> On Thu, Mar 23, 2017 at 9:23 AM, Michele Codutti via smartos-discuss 
> <[email protected]> wrote:
> Hi all. Recently I noticed that the tomcat web server had long startup times 
> when it runs inside a KVM linux machine.
> It seems that the problem resides in the fact that /dev/random produces 
> entropy very slowly.
> I have found two solutions to this problem:
> 1. Configure tomcat to use /dev/urandom
> 2. Use the virtio-rng paravirtual device (if it is implemented in the KVM 
> port in SmartOS). 
> <http://rhelblog.redhat.com/2015/03/09/red-hat-enterprise-linux-virtual-machines-access-to-random-numbers-made-easy/>
> The first solution is quick and dirty.
> The second seems more robust but I need to configure a KVM machine with that 
> paravirtual device.
> I have not found any documentation about that topic in the (SmartOS) wiki. 
> Googling was not useful.
> Can someone give me at least some directions?
> Thanks in advance
> 
> Michele
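An added example, not part of the thread or of any SmartOS tooling: a check to run inside the Linux guest to see whether a virtio-rng device is actually feeding the kernel and how much entropy the pool reports. It assumes the standard Linux sysfs and procfs paths; the function name `rng_status` and the optional root-directory argument are hypothetical conveniences for this example.

```shell
#!/bin/sh
# Classify the entropy sources visible to a Linux KVM guest.
# Optional argument: an alternate root (a copied or constructed tree);
# with no argument the live /proc and /sys are read.

rng_status() {
    root="${1:-}"
    avail_file="$root/proc/sys/kernel/random/entropy_avail"
    hwrng_dir="$root/sys/class/misc/hw_random"

    # Kernel's current estimate of pool entropy, in bits.
    avail="unknown"
    [ -r "$avail_file" ] && avail=$(cat "$avail_file")

    # Hardware RNG selected by the hw_random core, and all registered ones.
    current=""
    available=""
    [ -r "$hwrng_dir/rng_current" ] && current=$(cat "$hwrng_dir/rng_current")
    [ -r "$hwrng_dir/rng_available" ] && available=$(cat "$hwrng_dir/rng_available")

    case "$current" in
        virtio_rng*)
            # Host-provided randomness is the active hardware source.
            state="virtio-active" ;;
        *)
            case " $available " in
                *" virtio_rng"*)
                    # Device exists but another source (or none) is selected.
                    state="virtio-present-not-selected" ;;
                *)
                    # The guest was not given a virtio-rng device.
                    state="no-virtio-rng" ;;
            esac ;;
    esac

    echo "$state entropy_avail=$avail"
}

# Report on the live system, or on the tree given as the first argument.
rng_status "$@"
```

A result of `no-virtio-rng` means the device has to be added to the guest definition on the host before anything inside the guest can use it.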

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com