tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [6.0_BETA] cprng xxx: WARNING insufficient entropy at creation.

On Sat, Feb 25, 2012 at 06:47:26AM +0100, Emmanuel Dreyfus wrote:
> Since I upgraded to 6.0_BETA, an i386 Xen domU keeps complaining "cprng
> xxx: WARNING insufficient entropy at creation." whith xxx being various
> numbers.
> Configuration issue? Real bug? It did not happen on the netbsd-5 branch.

This cprng code is new in netbsd-6; that's why you didn't see it on -5 :)
The problem is that there's no good source of entropy on a Xen domU.
The previous code has the same problem but was silent on the issue.
/dev/random would not give much data on NetBSD-5 either:
dd if=/dev/random bs=1 count=16 | od -x
will hang ~indefinitly with the default config (it completes in a few
seconds on a i386 box with modest disk activity).

one way to work around the problem is to enable disk and network
entropy with rndctl, but this may not be a good source of entropy
(I can't evaluate how bad it is myself, crypto is not my area).

Manuel Bouyer <>
     NetBSD: 26 ans d'experience feront toujours la difference

Home | Main Index | Thread Index | Old Index