tech-userlevel archive


Re: [6.0_BETA] cprng xxx: WARNING insufficient entropy at creation.



On Sat, Feb 25, 2012 at 06:47:26AM +0100, Emmanuel Dreyfus wrote:
> Since I upgraded to 6.0_BETA, an i386 Xen domU keeps complaining "cprng
> xxx: WARNING insufficient entropy at creation." with xxx being various
> numbers.
> 
> Configuration issue? Real bug? It did not happen on the netbsd-5 branch.

This cprng code is new in netbsd-6; that's why you didn't see it on -5 :)
The problem is that there's no good source of entropy on a Xen domU.
The previous code has the same problem but was silent on the issue.
/dev/random would not give much data on NetBSD-5 either:
dd if=/dev/random bs=1 count=16 | od -x
will hang ~indefinitely with the default config (it completes in a few
seconds on an i386 box with modest disk activity).

One way to work around the problem is to enable disk and network
entropy with rndctl, but this may not be a good source of entropy
(I can't evaluate how bad it is myself, crypto is not my area).


-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--

