To: dnsop@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 28 Feb 2002 15:12:15 -0500
Sender: owner-dnsop@cafax.se
Subject: secure-ddns-howto.html

>One possible problem that can be encountered with dnssec-keygen is that it
>might use up all the entropy in /dev/random before it is done generating the
>key. This will make dnssec-keygen appear to hang, when in fact it is simply
>waiting for more entropy. One solution to this is to use the -r <randomdev>
>parameter that allows you to specify another random device, such as
>/dev/urandom.

Well, that isn't very good advice.

If there isn't enough entropy in /dev/random, then there certainly isn't
enough in /dev/urandom. urandom just "makes stuff up" instead of blocking.

If dnssec-keygen hangs, then you need to feed it more entropy, not tell it
to use a poorer entropy source.

Rather than fall back to using /dev/urandom instead, I suggest that you
recommend if it hangs to open a new window and do stuff. (compile a kernel,
visit slashdot, what precisely depends upon what OS you are running and how
it was compiled but generally anything with keyboard I/O)

If nothing else, then do:

    dd if=/dev/audio of=/dev/random

which is as good as using /dev/urandom anyway!
(The above may not work on Linux unless you have a mixer open. It also
likely fails if your audio drivers are incomplete, as many have no input
functions...)

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
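
One way to tell a dnssec-keygen that is waiting for entropy from one that is really hung, as an added example that is not part of the original message. It assumes Linux, where the kernel publishes its pool estimate in /proc/sys/kernel/random/entropy_avail; the function names, the 2048-bit threshold and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the kernel's entropy estimate before (or while)
# generating a key, instead of switching to another random device.
# Assumption: Linux, where the pool estimate (in bits) is published here.
POOL_FILE=${POOL_FILE:-/proc/sys/kernel/random/entropy_avail}

# entropy_bits [FILE]: print the estimate; fail (2) if missing or not a number.
entropy_bits() {
    f=${1:-$POOL_FILE}
    [ -r "$f" ] || return 2
    bits=$(cat "$f" 2>/dev/null) || return 2
    case $bits in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# wait_for_entropy NEED TIMEOUT [FILE]
# Poll once per second until the estimate reaches NEED bits.
# Returns 0 when there is enough, 1 on timeout (the pool is starved),
# 2 if the estimate cannot be read on this system.
wait_for_entropy() {
    need=$1
    timeout=$2
    file=${3:-$POOL_FILE}
    waited=0
    while :; do
        have=$(entropy_bits "$file") || return 2
        [ "$have" -ge "$need" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        echo "pool at $have bits, need $need: generate keyboard or disk activity" >&2
        sleep 1
        waited=$((waited + 1))
    done
}

# Demo on a constructed sample file so the script runs on any system.
sample=$(mktemp)
echo 3100 > "$sample"    # constructed value, not a real reading
wait_for_entropy 2048 0 "$sample" && echo "enough entropy: start key generation"
rm -f "$sample"
```

Against the real pool, call `wait_for_entropy 2048 60` with no file argument; a return of 1 means the pool stayed starved for the whole minute.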