On Thu, Jun 15, 2000 at 03:20:26PM -0700, George Walsh wrote:
> I am encountering this delay problem under UNIXWARE 7.1 because there is
> no /dev/random or /dev/urandom supplied. Following suggestions that I
> use EGD from lothar.com, I pulled down the README only to learn there
> that the insufficient entropy problem is going to continue according to
> the author's untried explanation.
>
> I'd like to think I am not the sole survivor in the Universe with this
> problem. Can someone point me in the right direction? It has to re
> resolvable because Stronghold is running fine on another server with the
> identical o/s.
I am not totally sure that I understand your mail, so I just discuss my case:
- I am running HP-UX (no /dev/random or /dev/urandom)
- I run EGD, which does not help too much at startup, since no entropy has
been collected at this point and mod_ssl is not seeded correctly.
(Hence I tended to read in entropy from a support file to make mod_ssl happy)
- You can not rely on EGD, since it is easily drained when several processes
query it.
- Since the same problem persists, I have started writing the "prngd" which
should do the same thing as EGD but feed the seed aquired into a PRNG
(the OpenSSL one to be more precise), so that it is never drained.
It also reads back entropy from its seed-save file on startup, so that it
is immediately available.
[The prngd is currently not ready to be released to the public, it will
probably take 1 or 2 more weeks before I can think about publishing it :-)]
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
