Automatically generated configuration files
Samuel Sieb
samuel at sieb.net
Fri Apr 25 05:33:00 UTC 2014
On 04/24/2014 08:39 AM, Paul Wouters wrote:
> On Thu, 24 Apr 2014, Florian Weimer wrote:
>
>> I don't think "openssl genrsa 2048" has this issue on today's
>> machines. (I know I saw it with GNUTLS.)
>
> I was sceptical, so I tried this on a freshly booted VM:
>
> root@bofh:~# virsh start north
> Domain north started
> root@bofh:~# ssh root@north
> Last login: Wed Apr 23 11:54:46 2014
> [root@north ~]# time openssl genrsa 2048
> [...]
> real 0m0.382s
> user 0m0.267s
> sys 0m0.003s
>
> Call me very surprised! We finally have real entropy in VMs now. Good news!
>
That is surprising. I wonder if it's using /dev/random or /dev/urandom.
Twice I've done an install of FreeIPA on a freshly installed VM and
both times it wouldn't start. I finally figured out that named needs to
read from /dev/random when starting up the first time and it wasn't
getting anything. The first time I ran the command manually telling it
to use /dev/urandom. The second time I ran it manually and did a lot of
filesystem and network access, hoping that it would generate entropy.
Which it did seem to do as the command ran successfully.