[gcrypt-devel] gcry_pk_genkey function is extremely slow in libgcrypt

Karl Magdsick kmagnum at gmail.com
Tue Sep 6 09:23:02 CEST 2016


Note that FreeBSD and OS X both have /dev/random implementations that stop
blocking once the system hits a high water mark for entropy.  If FreeBSD is
an option for you, it may behave better in a vm.

Do any of you know offhand the latest Linux kernel's /dev/random behavior
when RDRAND/RDSEED is providing the vast majority of the entropy?  I'm
aware that hardware entropy instructions (where available) are treated
(wisely) as one of many sources, but I'm not if there's any mechanism
capping the estimated entropy contributions of any single source.  (Of
course, as the Fortuna designers point out, putting much faith in entropy
estimates is misguided.)

On Sep 6, 2016 9:57 AM, "Stephan Mueller" <smueller at chronox.de> wrote:

> Am Montag, 5. September 2016, 21:23:09 CEST schrieb Shuai Wang:
>
> Hi Shuai,
>
> > Hello Karl,
> >
> > Thank you for your reply. Yes, I have double-checked the */dev/random*
> and
> > it is extremely slow.
> >
> > So currently I produce the key pair in my host machine (OS X) and then
> > switch to the VM for some tests. It works!
>
> Maybe you want to consider an entropy harvesting daemon like maxwell, the
> Jitter RNG or the haveged.
>
> Ciao
> Stephan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160906/a862f29b/attachment.html>


More information about the Gcrypt-devel mailing list