On 3/22/2020 8:55 PM, Werner Koch via Gnupg-users wrote: > On Sun, 22 Mar 2020 12:36, Andrew Gallagher said: >> On 22/03/2020 05:38, john doe wrote: >>> Do you have enough entropy on the VM? >> >> Argh, thank you. I thought I had enough entropy because monkeysphere >> created its trust root without issue, but installing haveged did fix the >> problem. > > You might be better off using this: > > --8<---------------cut here---------------start------------->8--- > $ cat /etc/gcrypt/random.conf > # Options for the random generator > > # We don't trust the the Jitter based thing - do not use it. > #disable-jent > > only-urandom > > --8<---------------cut here---------------end--------------->8--- > > instead if the very brittle and CPU dependent haveged. On any decent > Linux urandom is good enough. Right at some early boot stages and on a > fresh or not properly shutdown system, it might have too less entropy. > But if you have such concerns you should anyway use the latest Libgcrypt > which does not only mix in RDRAND but als entropy from its own > JitterRNG. >
Thank you Werner, I wrapped the above as an one liner: $ mkdir -p /etc/gcrypt && printf "# Options for the random generator\n#\n# https://lists.gnupg.org/pipermail/gnupg-users/2020-March/063372.html\n#\n# We don't trust the Jitter based thing - do not use it.\n#disable-jent\n\nonly-urandom\n" > /etc/gcrypt/random.conf Note that this e-mail is folded by my mailer. -- John Doe _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users