Re: gpg can't get random/entropy

[Julio Merino <jmmv%NetBSD.org@localhost>]

On Wed, Mar 21, 2012 at 10:34 PM, Thor Lancelot Simon <tls%panix.com@localhost> 
wrote:
> On Wed, Mar 21, 2012 at 04:49:57PM -0700, Paul Goyette wrote:
>>
>> Not enough random bytes available.  Please do some other work to give
>> the OS a chance to collect more entropy! (Need 123 more bytes)
>
> I have seen extremely odd behavior of this kind from gpg on other
> platforms, even Linux.

Meh, I have just encountered this same problem too :-/

> I think gpg may have a bug -- I think rather than accumulating random
> bytes from successive reads from /dev/random, it may be insisting on
> getting as many as it wants to read, all in one read() system call.

I think that's a reasonable possibility.  I have been able to generate
a bunch of 1024-bit long keys without issues, but no luck whatsoever
with a 4096 key.  As it turns out, "rndctl -ls" continuously reports
having over 3000 bits of entropy ready for delivery reaching the
maximum of 4096 eventually, but gpg will sit there waiting for more
entropy.

> Even the Linux /dev/random won't give it this under all conditions in
> which there is as much entropy available as it wants.  So this is quite
> frustrating.

However, it works.  I have done a few tests on a Linux machine and
didn't have major issues. The generation was very slow but it
eventually completed, and looking at the statistics of the entropy
while creating the keys, it seemed as if gpg was consuming the bits
slowly (instead of your theory of reading in just one batch).

It is also interesting to note that the configure script of libgcrypt
(gnupg2) and gnupg (v1) contain stuff that is Linux-specific regarding
random entropy collection, so I wouldn't be too surprised if the
non-Linux code was broken.

It'd be nice to get a working gpg...

-- 
Julio Merino / @jmmv