Automatically generated configuration files

Samuel Sieb samuel at
Fri Apr 25 05:33:00 UTC 2014

On 04/24/2014 08:39 AM, Paul Wouters wrote:
> On Thu, 24 Apr 2014, Florian Weimer wrote:
>> I don't think "openssl genrsa 2048" has this issue on today's
>> machines.  (I know I saw it with GNUTLS.)
> I was sceptical, so I tried this on a freshly booted VM:
> root at bofh:~# virsh start north
> Domain north started
> root at bofh:~# ssh root at north
> Last login: Wed Apr 23 11:54:46 2014
> [root at north ~]# time openssl genrsa 2048
> [...]
> real    0m0.382s
> user    0m0.267s
> sys    0m0.003s
> Call me very surprised! We finally have real entropy in VMs now. Good news!
That is surprising, I wonder if it's using /dev/random or /dev/urandom. 
  Twice I've done an install of freeipa on a freshly installed vm and 
both times it wouldn't start.  I finally figured out that named needs to 
read from /dev/random when starting up the first time and it wasn't 
getting anything.  The first time I ran the command manually telling it 
to use /dev/urandom.  The second time I ran it manually and did a lot of 
filesystem and network access, hoping that it would generate entropy. 
Which it did seem to do as the command ran successfully.

More information about the devel mailing list