Entropy in /dev/random?

I'm trying to configure a Linode as a nameserver (for learning purposes, I know other solutions are easier).

The Linode is running Debian 6. I'm following instructions at http://wiki.debian.org/Bind9, and I've already set up bind in a chroot as per instructions further down in that wiki.

When I try to generate a key for a TSIG signature, the dnssec-keygen command hangs:

dnssec-keygen -a HMAC-MD5 -b 512 -n USER ns-yyrrll-net_rndc-key

A little google-fu suggests the problem may be lack of entropy in /dev/random. When I cat /dev/random to a file, the file ends up empty.

So how do I get more entropy into /dev/random?

3 Replies

You can install Haveged. It has been backported to Squeeze.


Because your Linode doesn't have a physical disk, keyboard, or mouse attached to it to generate interrupts, you'll see less entropy generated than on a desktop system. Just what is used as an entropy source varies quite a bit based on your kernel and specific configuration; things seem to have lately swung in the paranoid direction of trusting very few sources. cat /proc/sys/kernel/random/entropy_avail should tell you how much entropy is in the random subsystem (4096 bits is usually the max number you'll see here).

In addition to advocatux's suggestion, you can also feed the entropy pool by writing data to /dev/random. You could generate the data on your local machine (which presumably has plenty of entropy) with a command like dd if=/dev/random of=~/datafile count=1.

Or just run the following in another terminal on the Linode:

while true ; do mandb ; done

I find that's the quickest way to generate entropy when I need it.
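The entropy_avail check mentioned in the replies can be turned into a guard that reports a shortage instead of letting dnssec-keygen hang. This is an added example, not part of the original thread; the function names, the ENTROPY_FILE override and the 512-bit threshold (taken from the -b 512 in the question) are assumptions for illustration.

```shell
# Added example (not from the thread). ENTROPY_FILE can be overridden for testing;
# by default it is the kernel's entropy estimate, in bits.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current entropy estimate; return 2 if it is unreadable or not a number.
entropy_bits() {
    bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 2
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# wait_for_entropy NEED_BITS TIMEOUT_SECONDS
# Poll once per second until the estimate reaches NEED_BITS.
# Returns 0 when ready, 1 on timeout, 2 if the estimate cannot be read.
wait_for_entropy() {
    need=$1
    timeout=$2
    waited=0
    while :; do
        have=$(entropy_bits) || return 2
        if [ "$have" -ge "$need" ]; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "entropy: only $have of $need bits after ${waited}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Usage on the Linode (threshold is an assumption, see above):
#   wait_for_entropy 512 30 && \
#     dnssec-keygen -a HMAC-MD5 -b 512 -n USER ns-yyrrll-net_rndc-key
```

A return code of 1 means the pool did not fill within the timeout, which is the point at which to start Haveged or one of the other sources suggested above.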

