tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: entropy: pid 17200 (python) blocking due to lack of entropy

> Date: Wed, 22 Mar 2023 17:18:45 +0100
> From: Manuel Bouyer <>
> I did this but it didn't unblock the python process. It did tell me:
> #rndctl -L /tmp/foo 
> rndctl: no entropy in seed
> Also I had a /var/db/entropy-file, but maybe without entropy.
> But /tmp/foo should have some, it was generated on a host with a hardware RNG:
> rdrand                 1024          2 rng    estimate, collect, v

Can you please share a complete transcript?

Say the machine with rdrand is called foo, and the machine without any
HWRNG is called bar.

foo# rndctl -l
foo# rndctl -S /tmp/seed
foo# head -c 4 </tmp/seed | hexdump -C
00000000  00 01 00 00                                       |....|

Now copy foo:/tmp/seed to bar:/var/seed.  On bar, run:

bar# sysctl kern.securelevel
kern.securelevel = -1
bar# head -c 4 </tmp/seed | hexdump -C
00000000  00 01 00 00                                       |....|
bar# rndctl -L /tmp/seed
bar# /etc/rc.d/random_seed stop
bar# rndctl -l

The transcript will show:
(a) whether the seed starts with a nonzero count,
(b) what securelevel is on bar (note: at securelevel>1, userland
    cannot affect the entropy count),
(c) what `rndctl -l' printed before saving the seed on foo and after
    loading the seed on bar,
(d) what rndctl -L printed,
(e) what writing a new seed to disk on bar printed, and
(f) how much entropy and how many samples each source has contributed
    on bar after loading the seed.

Home | Main Index | Thread Index | Old Index