Subject: Re: problem with security/GnuPG on -current/sparc
To: None <>
From: Jon Buller <>
List: tech-pkg
Date: 11/29/2002 09:14:57
In message <>, writes:
>> My guess is that it doesn't seem to know when it found
>> a good key, and keeps trying more.
>Did you read
> ??? You should...

No, missed that one... oops.  But that does not appear to be it.

>The dots indicate that gnupg needs more random numbers. Just move your mouse (
>when you're using X) or press some keys. You can also check available random n
>umbers with rndctl -s.

Except that rndctl -s went from 4096 bits in the pool before starting
--gen-keys to 0 immediately after, then it quickly climbed to, and
stayed at, 4096.  When I saw it low, I started a find / > /dev/null
to fill the pool, but I quickly killed it when the pool was close
to full.

Also, if it was waiting for more random bits, I would expect the
CPU load to be quite low, but top reports it as the most CPU bound
process on the machine. Finally, lsof reports that it is using
/dev/urandom, not /dev/random, and the rndctl manpage says
"/dev/urandom   Always returns data, degenerates to a pseudo-random

I believe the dots do not signify that it is waiting for more random
bits, but is reporting progress on finding some prime numbers to
use as a key.  I was hoping someone had run into this recently, or
could verify the problem.  (Or even provide a workaround.)  Guess
I'll need to start playing with GCC options and digging into the
GnuPG source code.  (Which I do not feel the most qualified or
comfortable doing.)