Re: gpg can't get random/entropy

To: Julio Merino <jmmv%netbsd.org@localhost>
Subject: Re: gpg can't get random/entropy
From: matthew sporleder <msporleder%gmail.com@localhost>
Date: Tue, 15 May 2012 08:09:33 -0400

On Mon, May 14, 2012 at 9:45 PM, Julio Merino <jmmv%netbsd.org@localhost> wrote:
> On Wed, Mar 21, 2012 at 10:34 PM, Thor Lancelot Simon 
> <tls%panix.com@localhost> wrote:
>> On Wed, Mar 21, 2012 at 04:49:57PM -0700, Paul Goyette wrote:
>>>
>>> Not enough random bytes available.  Please do some other work to give
>>> the OS a chance to collect more entropy! (Need 123 more bytes)
>>
>> I have seen extremely odd behavior of this kind from gpg on other
>> platforms, even Linux.
>
> Meh, I have just encountered this same problem too :-/
>
>> I think gpg may have a bug -- I think rather than accumulating random
>> bytes from successive reads from /dev/random, it may be insisting on
>> getting as many as it wants to read, all in one read() system call.
>
> I think that's a reasonable possibility.  I have been able to generate
> a bunch of 1024-bit long keys without issues, but no luck whatsoever
> with a 4096 key.  As it turns out, "rndctl -ls" continuously reports
> having over 3000 bits of entropy ready for delivery reaching the
> maximum of 4096 eventually, but gpg will sit there waiting for more
> entropy.
>
>> Even the Linux /dev/random won't give it this under all conditions in
>> which there is as much entropy available as it wants.  So this is quite
>> frustrating.
>
> However, it works.  I have done a few tests on a Linux machine and
> didn't have major issues. The generation was very slow but it
> eventually completed, and looking at the statistics of the entropy
> while creating the keys, it seemed as if gpg was consuming the bits
> slowly (instead of your theory of reading in just one batch).
>
> It is also interesting to note that the configure script of libgcrypt
> (gnupg2) and gnupg (v1) contain stuff that is Linux-specific regarding
> random entropy collection, so I wouldn't be too surprised if the
> non-Linux code was broken.
>
> It'd be nice to get a working gpg...
>

For me gpg blocked ~forever until I added this to rc.conf:
rndctl=YES
rndctl_flags="-ec -t net"

Follow-Ups:
- Re: gpg can't get random/entropy
  - From: Julio Merino

References:
- gpg can't get random/entropy
  - From: Paul Goyette
- Re: gpg can't get random/entropy
  - From: Thor Lancelot Simon
- Re: gpg can't get random/entropy
  - From: Julio Merino

Prev by Date: daily CVS update output
Next by Date: Re: gpg can't get random/entropy
Previous by Thread: Re: gpg can't get random/entropy
Next by Thread: Re: gpg can't get random/entropy
Indexes:

Home | Main Index | Thread Index | Old Index