I don't know if it's related but:
openssl dhparam -out dhparam.pem 4096
was taking forever on amazon and was certainly faster on bitfolk.
Worth checking with/without entropy generators.
On Fri, Mar 18, 2016 at 1:46 PM, Andy Smith <andy(a)bitfolk.com> wrote:
Hi Robert,
On Fri, Mar 18, 2016 at 05:37:22PM +0000, Robert Gauld wrote:
I wrote a simple script to log available entropy every 10 seconds and ran
it for 36 hours. I had a maximum of 2043 and a minimum of 132, the graph
being quite erratic.
I suppose the question really is what's a sensible minimum level to be
happy?
Not really; a key argument of the article
(http://www.2uo.de/myths-about-urandom/) is that measurements of
available entropy are meaningless, because (a) there is really no way to
know, and (b) the CSPRNG behind /dev/urandom can always provide you
more and you should be using that.
*Anything* that is reading from /dev/random is a concern because it
could potentially block.
So far it seems we are not finding anything now that uses
/dev/random, although I suspect that gpg may well still do so when
generating a new key. I haven't tested that yet.
It's looking like the entropy service wiki article at the very least
needs rewriting to stress:
- urandom is good enough; try to make your software use that
- don't configure this just because you measure a low entropy pool,
do check exactly what software is blocking on /dev/random
- let us know what software that is
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
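One way to carry out the "check exactly what software is blocking on /dev/random" step from the quoted message, as an added example that is not part of the thread. The function names and the optional proc-root argument are assumptions made for this sketch; run it as root to see other users' processes.

```shell
#!/bin/sh
# Added example: find processes that hold /dev/random open by walking /proc.
# The PROC_ROOT argument is an assumption of this example; it defaults to
# /proc and exists so the scan can be pointed at a constructed test tree.

# scan_random_readers [PROC_ROOT]
# Prints "PID<TAB>COMMAND<TAB>FD" for each open descriptor whose symlink
# target is exactly /dev/random (descriptors on /dev/urandom are ignored).
scan_random_readers() {
    proc_root="${1:-/proc}"
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # A process can exit mid-scan, and other users' fd directories are
        # unreadable without root: skip entries that cannot be resolved.
        target=$(readlink "$fd" 2>/dev/null) || continue
        [ "$target" = "/dev/random" ] || continue
        pid_dir=${fd%/fd/*}
        comm=$(cat "$pid_dir/comm" 2>/dev/null) || comm="?"
        printf '%s\t%s\t%s\n' "${pid_dir##*/}" "$comm" "${fd##*/}"
    done
}

# watch_random_readers SAMPLES INTERVAL [PROC_ROOT]
# Repeats the scan SAMPLES times, INTERVAL seconds apart, because a program
# may open /dev/random only briefly (for example during key generation).
# Prints each distinct "PID<TAB>COMMAND" pair once.
watch_random_readers() {
    samples=$1 interval=$2 root="${3:-/proc}"
    i=0
    while [ "$i" -lt "$samples" ]; do
        scan_random_readers "$root"
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then
            sleep "$interval"
        fi
    done | cut -f1,2 | sort -u
}

# Typical use while reproducing the slow operation in another terminal:
#   watch_random_readers 60 1
```

An empty result only means nothing had /dev/random open at the sampled instants; a shorter interval narrows that gap.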