Stephen Gran on 4 Jul 2006 10:24:51 -0000



Re: [PLUG] wtf? system out of entropy


On Tue, Jul 04, 2006 at 05:50:00AM -0400, sean finney said:
> hey plug,
> 
> thought i'd fire off a mail here in case anyone has something to
> add while i do some research on my own...
> 
> i have a server which has run dry of entropy to /dev/random, and
> i can't get it to refill this, which sucks since there are fairly
> important services that depend on reading a byte or two from
> it during startup.
> 
> reading through a few online docs, i see that the linux kernel
> historically uses 4 sources for rebuilding entropy:
> 
> - keyboard interrupts
> - mouse interrupts
> - ide timing/interrupts/accesses
> - network traffic
> 
> but i've heard that lately, the network traffic has been removed
> from this list due to malicious attackers being able to poison
> the PRNG with specially timed packets.
> 
> the system doesn't use IDE drives, it uses SCSI.  filesystem activity
> doesn't seem to help too much...
> 
> the system is in a datacenter, and has no mouse.
> 
> i've tried furiously banging on the keyboard, like a monkey trying
> to write shakespeare, but no new entropy is added nor have i recreated
> any sonnets.
> 
> i'm at the point that i may very well just give up and reboot the
> system, but wonder if anyone here has ever come across this problem,
> and/or knows of a way to start getting bytes back into the
> pool.

find / > /dev/null 2>&1
etc.  Sometimes you can generate enough entropy to get back in the black
by really working the disks, but often not.

Is this a 2.6 Debian stable kernel?  The 2.6.8 kernel was at the moment
when they were moving from the old entropy routines to the new, and
several drivers were simply not ported over, so they generate no entropy
at all.  The DAC960 is one of these that I remember offhand, but there
are others.  I recommend trying a 2.4 kernel, or going to a newer one as
the long term solution.
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | You know, the difference between this   |
|  steve@lobefin.net             | company and the Titanic is that the     |
|  http://www.lobefin.net/~steve | Titanic had paying customers.           |
 --------------------------------------------------------------------------

Attachment: signature.asc
Description: Digital signature
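
To see whether a workload such as the `find /` suggested in the reply actually moves the pool, this added example (not part of the original thread) reads the kernel's estimate from /proc/sys/kernel/random/entropy_avail before and after a command. The function names, the overridable ENTROPY_FILE variable and the 128-bit threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: measure whether a workload refills the kernel entropy estimate.
# ENTROPY_FILE can be overridden so the functions can be exercised on a
# constructed file instead of the live kernel counter.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current entropy estimate in bits.
# Fails if the file is unreadable or does not hold a plain number.
entropy_bits() {
    bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
    case "$bits" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$bits"
}

# Classify the pool against a threshold in bits (default 128, an assumed
# cut-off for "services that block on /dev/random may stall").
entropy_status() {
    threshold="${1:-128}"
    bits=$(entropy_bits) || { echo unknown; return 2; }
    if [ "$bits" -lt "$threshold" ]; then
        echo low
        return 1
    fi
    echo ok
}

# Run a command with its output discarded and print "before after delta".
# A delta at or near zero means the workload is not being credited as entropy,
# which is what a driver that never feeds the pool would look like.
entropy_delta() {
    before=$(entropy_bits) || return 1
    "$@" >/dev/null 2>&1 || true
    after=$(entropy_bits) || return 1
    echo "$before $after $((after - before))"
}

# Typical use on the affected host:
#   entropy_status          # prints low / ok / unknown
#   entropy_delta find /    # the disk workload from the reply
```

Other consumers of the pool can drain it while the command runs, so a single small or negative delta is a hint rather than proof; repeat the measurement a few times.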

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug