• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

gpg --gen-key: gaining enough "entropy"

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
rawbone72
Just Arrived
Just Arrived


Joined: 23 Apr 2010
Posts: 0


Offline

PostPosted: Tue May 04, 2010 1:41 am    Post subject: gpg --gen-key: gaining enough "entropy" Reply with quote

Hello,

I am trying to use gpg-gen on my Ubuntu system to generate PGP keys and am getting the message:

"Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 281 more bytes)"

I've read quite a few posts and threads and even a webpage dedicated to the concept of generating keys, \/dev\/random, gaining enough "entropy", etc - but cannot seem to satisfy my installation of gpg. I am ssh'ing into the machine, so keyboard/mouse activity at the moment is not part of the equation. I could get over there on the console if necessary. I have opened up several sessions and done the following things simultaneously in different windows:

find / &
grep -R *whatever* ./*
top
sftp'ing large files over from other machines
a shell script that iteratively runs the "who" command
du -sk * from "/"

Yet when I watch /proc/sys/kernel/random/entropy_avail I don't see that number going above 190, and I assume that based on the above prompt - and this is just a guess - that the number needs to get above 281 for some period of time. In fact, even when I have several of the above things going, it is hard to tell whether I am really influencing that number or not. I don't see a strong pattern in the fluctuation of that number.

Does anyone have any suggestions for getting this gpg thing to work?

Thanks,

-Robin
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Wed May 05, 2010 12:24 am    Post subject: Reply with quote

Hi,

You really shouldn't create the key pair remotely. It is hard to generate enough good quality entropy without actual physical interaction with the machine. Also, the SSH daemon will eat away most of your entropy to maintain the active ssh connection.

If you can physically walk over to the machine and play with the keyboard and mouse on the console, that would be best -- see the GPG FAQs Why does it sometimes take so long to create keys? and And it really takes long when I work on a remote system. Why?

Another solution would be to create the key pair on your local system, then upload it to the remote machine.
Back to top
View user's profile Send private message
hackerisland
Just Arrived
Just Arrived


Joined: 15 Jan 2011
Posts: 0


Offline

PostPosted: Sat Jan 15, 2011 7:04 am    Post subject: Reply with quote

There's also a possibility that a program aside from SSH is eating up the entropy. If you have the ability to kill unnecessary processes this might be a place to start.
Back to top
View user's profile Send private message
normat0211
Just Arrived
Just Arrived


Joined: 02 Mar 2011
Posts: 0


Offline

PostPosted: Tue Mar 22, 2011 9:29 am    Post subject: gpg --gen-key: gaining enough "entropy" Reply with quote

Just give a look to http://www.question-defense.com/2010/03/03/not-enough-random-bytes-available-please-do-some-other-work-to-give-the-os-a-chance-to-collect-more-entropy-need-283-more-bytes ,it will help you or for second option ,see http://www.chrissearle.org/node/326
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register