Afternoon, Lutz:
I want to thank you for responding, and I believe you have understood my
frustration rather well, because your experience parallels mine. However, since I
am an applications man, not a systems man, you can I am sure understand my
confusion about this.
In my field (psychology) entropy has an entirely different meaning.
I'd be thrilled to have the chance to incorporate your solution when it is
available. The only thing saving me from total aggravation is that the problem is
on our development and data base server which updates the web server, so the 30
second waits going in and out of https/http are endured only by the internal staff.
Yes, I am thankful for small mercies.
Lutz Jaenicke wrote:
> On Thu, Jun 15, 2000 at 03:20:26PM -0700, George Walsh wrote:
> > I am encountering this delay problem under UNIXWARE 7.1 because there is
> > no /dev/random or /dev/urandom supplied. Following suggestions that I
> > use EGD from lothar.com, I pulled down the README only to learn there
> > that the insufficient entropy problem is going to continue according to
> > the author's untried explanation.
> >
> > I'd like to think I am not the sole survivor in the Universe with this
> > problem. Can someone point me in the right direction? It has to re
> > resolvable because Stronghold is running fine on another server with the
> > identical o/s.
>
> I am not totally sure that I understand your mail, so I just discuss my case:
> - I am running HP-UX (no /dev/random or /dev/urandom)
> - I run EGD, which does not help too much at startup, since no entropy has
> been collected at this point and mod_ssl is not seeded correctly.
> (Hence I tended to read in entropy from a support file to make mod_ssl happy)
> - You can not rely on EGD, since it is easily drained when several processes
> query it.
> - Since the same problem persists, I have started writing the "prngd" which
> should do the same thing as EGD but feed the seed aquired into a PRNG
> (the OpenSSL one to be more precise), so that it is never drained.
> It also reads back entropy from its seed-save file on startup, so that it
> is immediately available.
> [The prngd is currently not ready to be released to the public, it will
> probably take 1 or 2 more weeks before I can think about publishing it :-)]
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
