[fwd] --gen-key (Need 300 more bytes) (from: olibode@optushome.com.au)

J. Goodleaf goodleaf@goodleaf.net
Mon, 7 Aug 2000 20:34:46 -0700 (PDT) 

You need to use rndcontrol to set an IRQ to help supply entropy for the
random number generator.

On most *nixish systems, type vmstat -i

This returns a list of irqs in use. Find an irq (Not clk or rtc) that's
got a decent rate number.

Then just type:
rndcontrol -s 11
(where irq 11 is getting, say a 35 in the rate column.Fill in the
irq of your choice, just not clk or rtc.) Once this has been
done, try generating a key again. It may take a while, depending on the
size of the key and the rate of entropy generated from the irq you're
using, but it will work (I think).
-J

===============================
John Goodleaf
goodleaf@goodleaf.net

PGP key: finger goodleaf@clyde.goodleaf.net
===============================

On Tue, 8 Aug 2000, Anthony David wrote:


> Werner Koch <wk@gnupg.org> writes:

> 

> > From: "Oliver Bode" <olibode@optushome.com.au>

> > Subject: --gen-key (Need 300 more bytes)

> > To: <gnupg-users@gnupg.org>

> > Date: Mon, 7 Aug 2000 22:16:21 +1000

> > 

> > Hello,

> > 

> > Our ISP just installed gnupg for us on our server. However, I'm getting an

> > error that I would like to sort out

> > 

> > Each time I try to generate keys I get the following:

> > 

> > Not enough random bytes available.  Please do some other work to give

> > the OS a chance to collect more entropy! (Need 300 more bytes)

> > 

> > I don't seem to have any control over this and my telnet program hangs up.

> > 

> > In the documentation it says:

> > 

> > --gen-key Generate a new key pair. This command can only be used

> > interactive.

> > 

> > How can I become interactive? Is this the problem?

> 

> Telnet is interactive. Telnet is not a good way to go however, especially

> over a cable modem as it is trivial to sniff other traffic. 

> Wiretapped Australia reported a number of other security issues with

> Optus@home.

> 

> Use ssh so when other users on your subnet hijack your session, they

> will only get encrypted data and not your passwords.

> 

> Better still, generate the keys on a standalone Linux/*BSD box and

> get your ISP to install them via floppy.

> 

> If you still think the risk is OK, run a find command agaist a large

> filesystem in the background while you gen your keys on the server.

> 

> Hope this helps

> 

> Regards

> 

> -- 

> =========================================================

> Gambling: A discretionary tax on  | Anthony David

> those who were asleep during high | Systems Administrator

> school mathematics classes        |

> 

> -- 

> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail

> with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org

> 

> 


-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org