insufficient entropy for rnd

To: tech-crypto%NetBSD.org@localhost
Subject: insufficient entropy for rnd
From: Rumi Szabolcs <rumi_ml%rtfm.hu@localhost>
Date: Mon, 11 Aug 2003 20:19:00 +0200

Hello!

I've got a server running NetBSD/i386 which is getting a
relatively low load. I'm running sendmail on it using SMTP
authentication via Cyrus SASL, which seems to use /dev/random.
When a mail gets relayed in such an authenticated manner,
sendmail often drops the connection with a timeout during
the authentication process which I believe is due to insufficient
randomness coming out of /dev/random so that read is blocking
so long that the SMTP connection gets timed out. When I make
a "find / -name blahblah" that puts some load on the filesystem
so that more entropy is gathered by rnd, this instantly revives
sendmail and the authentication succeeds...

Maybe Cyrus SASL (mine is 2.1.12 from pkgsrc) could be compiled
to use /dev/urandom instead, but for me this sounds more like
a workaround than a solution at least for a crypto purpose.
Wouldn't it be better to figure out more entropy sources
for a better feed of rnd? I also wonder how big the entropy
gathering pool is and how long it "caches" the entropy
that has been gathered.

Regards,
Szabolcs Rumi

Follow-Ups:
- Re: insufficient entropy for rnd
  - From: Matthias Scheler
- Re: insufficient entropy for rnd
  - From: Daniel Carosone
- Re: insufficient entropy for rnd
  - From: itojun

Prev by Date: Re: openssl 0.9.7 in NetBSD?
Next by Date: Re: insufficient entropy for rnd
Previous by Thread: libdes split
Next by Thread: Re: insufficient entropy for rnd
Indexes:

Home | Main Index | Thread Index | Old Index