[fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)

J. Goodleaf goodleaf@goodleaf.net
Mon, 7 Aug 2000 20:34:46 -0700 (PDT)


You need to use rndcontrol to set an IRQ to help supply entropy for the
random number generator.

On most *nixish systems, type vmstat -i

This returns a list of irqs in use. Find an irq (Not clk or rtc) that's
got a decent rate number.

Then just type:
rndcontrol -s 11
(where irq 11 is getting, say a 35 in the rate column.Fill in the
irq of your choice, just not clk or rtc.) Once this has been
done, try generating a key again. It may take a while, depending on the
size of the key and the rate of entropy generated from the irq you're
using, but it will work (I think).
-J

===============================
John Goodleaf
goodleaf@goodleaf.net

PGP key: finger goodleaf@clyde.goodleaf.net
===============================

On Tue, 8 Aug 2000, Anthony David wrote:


> Werner Koch <wk@gnupg.org> writes:
>
> > From: "Oliver Bode" <olibode@optushome.com.au>
> > Subject: --gen-key (Need 300 more bytes)
> > To: <gnupg-users@gnupg.org>
> > Date: Mon, 7 Aug 2000 22:16:21 +1000
> >
> > Hello,
> >
> > Our ISP just installed gnupg for us on our server. However, I'm getting an
> > error that I would like to sort out
> >
> > Each time I try to generate keys I get the following:
> >
> > Not enough random bytes available. Please do some other work to give
> > the OS a chance to collect more entropy! (Need 300 more bytes)
> >
> > I don't seem to have any control over this and my telnet program hangs up.
> >
> > In the documentation it says:
> >
> > --gen-key Generate a new key pair. This command can only be used
> > interactive.
> >
> > How can I become interactive? Is this the problem?
>
> Telnet is interactive. Telnet is not a good way to go however, especially
> over a cable modem as it is trivial to sniff other traffic.
> Wiretapped Australia reported a number of other security issues with
> Optus@home.
>
> Use ssh so when other users on your subnet hijack your session, they
> will only get encrypted data and not your passwords.
>
> Better still, generate the keys on a standalone Linux/*BSD box and
> get your ISP to install them via floppy.
>
> If you still think the risk is OK, run a find command agaist a large
> filesystem in the background while you gen your keys on the server.
>
> Hope this helps
>
> Regards
>
> --
> =========================================================
> Gambling: A discretionary tax on | Anthony David
> those who were asleep during high | Systems Administrator
> school mathematics classes |
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
>
-- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org