[Touch-packages] [Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails
Then please do not believe that blog post. Because /dev/urandom is not a source of entropy and can not be relied upon for any serious business. It is in a sense a consumer of entropy available from /dev/random, that does an expansion to provide pseudo random data even when there is no entropy to produce good random data. @Jon Stevens: Crypto should not be messed with. Period. But your frustration is understandable. Developers do not intend to be hostile to novice users as you claim, but we have concerns that not all users will not be able to appreciate. rng-tools has a valid use case, but the workaround suggested in some comments to use /dev/urandom would scare the crap out of any cryptographer. I wish it is disallowed altogether. The most sensible suggestion comes from Alvaro in #25. Why hasn't there been more discussion on this? Security can't be compromised, but a better explanation to users doees no harm. I am skeptic of allowing a flag, it will be suggested as a workaround when it should not be, and users will follow the advice. Rather, only when being run interactively, the user can be prompted after a timeout if they want to reduce the key size and/or proceed with just the available entropy, since it is taking long to collect enough entropy. This option should be unavailable when being run non- interactively, since I don't see the need and IMO allowing it does more damage in the long run. On a sidenote, rng-tools should atleast spit out a warning when /dev/urandom is being used as a *HARDWARE* random number generator, which it is not. Does not prevent anyone from creating a new device node for urandom and using it, and circulating sequence of commands to be run to accomplish that, but all user stupidity can not be safeguarded against. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/706011 Title: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails Status in gnupg package in Ubuntu: Confirmed Bug description: Binary package hint: gnupg Description: Ubuntu 10.04.1 LTS Release: 10.04 If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 278 more bytes) (freeze here) I found some reference on the interwebs suggesting to install rng- tools so that the rngd daemon can gather more entropy for the system because by default cat /proc/sys/kernel/random/entropy_avail has a very very low number. Thus, installation of rng-tools, fails to start the rngd daemon... Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ... Trying to create /dev/hwrng device inode... Starting Hardware RNG entropy gatherer daemon: (failed). invoke-rc.d: initscript rng-tools, action start failed. It is then required to do this: echo HRNGDEVICE=/dev/urandom /etc/default/rng-tools and then start rngd: /etc/init.d/rng-tools start After this process is done, gpg --gen-key is immediate... We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .+ ...+ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. + .+ And cat /proc/sys/kernel/random/entropy_avail has a much higher number. All in all, I think this process should be simplified by maybe making gpg depend on rng-tools. The whole reason why I need to generate a gpg key is because I want to sign the .deb debians that I'm creating for my repository. Thanks for your time. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails
I should have read the blog post you linked to before posting the comment. There are no factual errors in the blog post to my knowledge (I'm no professional cryptographer, just an enthusiast who took a couple formal courses and tinkered a bit), and the argument is compelling. My previous comment actually looks silly now, since I talk of good random data that the post disputes. But I stand my ground that using /dev/urandom for serious business like GPG keys is a bad idea. /dev/random providess a better guarantee than /dev/urandom regarding the randomness of data you extract, and many including me are not happy to give up this guarantee. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/706011 Title: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails Status in gnupg package in Ubuntu: Confirmed Bug description: Binary package hint: gnupg Description: Ubuntu 10.04.1 LTS Release: 10.04 If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 278 more bytes) (freeze here) I found some reference on the interwebs suggesting to install rng- tools so that the rngd daemon can gather more entropy for the system because by default cat /proc/sys/kernel/random/entropy_avail has a very very low number. Thus, installation of rng-tools, fails to start the rngd daemon... Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ... Trying to create /dev/hwrng device inode... Starting Hardware RNG entropy gatherer daemon: (failed). invoke-rc.d: initscript rng-tools, action start failed. It is then required to do this: echo HRNGDEVICE=/dev/urandom /etc/default/rng-tools and then start rngd: /etc/init.d/rng-tools start After this process is done, gpg --gen-key is immediate... We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .+ ...+ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. + .+ And cat /proc/sys/kernel/random/entropy_avail has a much higher number. All in all, I think this process should be simplified by maybe making gpg depend on rng-tools. The whole reason why I need to generate a gpg key is because I want to sign the .deb debians that I'm creating for my repository. Thanks for your time. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1400377] Re: snapping to portrait/landscape
Won't fix since it can't be fixed by unity tweak tool without support from unity, and our project is limited to presenting various controls exposed by unity. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1400377 Title: snapping to portrait/landscape Status in Unity Tweak Tool: Won't Fix Status in unity package in Ubuntu: New Bug description: We can currently configure window snapping (take half the screen or the like) in unity-tweak-tool, this is nice. On a normal display, the screen is landscape so pushing window in side of screen split the screen in 2 (left/right) and pushing on top maximize the window. But on a portrait screen one would most likely want to split in 2 (top/bottom). I would like to be able to configure either per screen or per layout (portrait/landscape) ? To manage notifications about this bug go to: https://bugs.launchpad.net/unity-tweak-tool/+bug/1400377/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1400377] Re: snapping to portrait/landscape
This can be achieved by setting window snapping on chosen trigger eges to top half and bottom half. Per screen settings are not supported by unity to the best of my knowledge, so unfortunately this is not possible right now. If you manage to find any way this can be done, please inform us and we'll add the feature after studying how it can be done. Meanwhile, if you have both a portrait screen and a landscape screen, and need snapping for top/bottom and left/right, a workaround is to set window snapping triggers on all four edges to fill the respective halves ( top edge for top half and so on) and use a corner for maximize. Unity project may want to look at this feature-request, I am marking as affects unity and closing for unity tweak tool. ** Also affects: unity (Ubuntu) Importance: Undecided Status: New ** Changed in: unity-tweak-tool Status: New = Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1400377 Title: snapping to portrait/landscape Status in Unity Tweak Tool: Won't Fix Status in unity package in Ubuntu: New Bug description: We can currently configure window snapping (take half the screen or the like) in unity-tweak-tool, this is nice. On a normal display, the screen is landscape so pushing window in side of screen split the screen in 2 (left/right) and pushing on top maximize the window. But on a portrait screen one would most likely want to split in 2 (top/bottom). I would like to be able to configure either per screen or per layout (portrait/landscape) ? To manage notifications about this bug go to: https://bugs.launchpad.net/unity-tweak-tool/+bug/1400377/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
