I noticed that this parameter is reported on these systems as 4096, but the man page (man 4 random) says it should normally be 512 (bytes). It also goes on to say it can be changed to 32, 64, 128, 256, 512, 1024, 2048, which I assume is bytes. 4096 bits = 512 bytes, so it kinda makes sense. When I try and change the value with sysctl -w kernel.random.poolsize=2048 as root I get "error: permission denied on key 'kernel.random.poolsize'"

Bruce

On Wed, Jun 11, 2008 at 2:18 PM, Glenn <[EMAIL PROTECTED]> wrote:

> The entropy pool size is configurable on some systems. For Linux see
> /proc/sys/kernel/random/poolsize
>
> Glenn
>
> On Wed, Jun 11, 2008 at 7:52 AM, Bruce Keats <[EMAIL PROTECTED]> wrote:
>
>> I forgot to mention that the systems in question are servers that do not
>> have the keyboard or mouse as sources of entropy. Yes indeed, the problem
>> seems a lack of entropy. What I find surprising is that on these systems, I
>> seem to be able to get approx 400 bytes from /dev/random and it doesn't
>> matter how long the system has been running for (hours, days, weeks or
>> months). This seems a little odd to me.
>>
>> Bruce
>>
>> On Tue, Jun 10, 2008 at 11:25 PM, David Schwartz <[EMAIL PROTECTED]> wrote:
>>
>>> > What is the acceptable lower limit for the number of bytes for RAND_load_file()?
>>>
>>> Nobody can tell you what your requirements are. Some people will consider it
>>> acceptable just to read 1KB from /dev/urandom. This is only a problem if the
>>> entropy pool was never seeded, which is always at least possible.
>>>
>>> If you aren't comfortable reading from /dev/urandom, an acceptable
>>> compromise might be to read a small number of bytes from /dev/random
>>> (accepting that this might take a while in exchange for a stronger guarantee
>>> of security) and a larger number of bytes from /dev/urandom (in the hopes
>>> that this will increase security because it is quite likely to do so).
>>>
>>> IMO, 16 or 32 bytes from /dev/random and 256 bytes from /dev/urandom is
>>> sufficient for almost all imaginable applications.
>>>
>>> DS
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> User Support Mailing List openssl-users@openssl.org
>>> Automated List Manager [EMAIL PROTECTED]
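
Added example (not from the thread or from OpenSSL): the mixed read David Schwartz suggests in the quoted message, with /dev/random opened non-blocking so that a drained pool shows up as a short count instead of a stall. The function names read_entropy and gather_seed are hypothetical; the 32 and 256 byte sizes are the ones from his message.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to `want` bytes from `path`. With nonblock set, a drained
 * /dev/random yields a short count instead of stalling the caller.
 * Returns bytes read, or -1 if the device cannot be opened. */
static ssize_t read_entropy(const char *path, unsigned char *buf,
                            size_t want, int nonblock)
{
    int fd = open(path, O_RDONLY | (nonblock ? O_NONBLOCK : 0));
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        break;                  /* EAGAIN (pool drained), EOF, or error */
    }
    close(fd);
    return (ssize_t)got;
}

/* Fill `seed` with up to n_random bytes from /dev/random followed by exactly
 * n_urandom bytes from /dev/urandom. *from_random reports how many bytes
 * /dev/random supplied, so the caller can wait and retry if it wants more.
 * Returns total bytes in seed, or -1 if /dev/urandom came up short. */
static ssize_t gather_seed(unsigned char *seed, size_t n_random,
                           size_t n_urandom, size_t *from_random)
{
    ssize_t r = read_entropy("/dev/random", seed, n_random, 1);
    *from_random = (r > 0) ? (size_t)r : 0;
    ssize_t u = read_entropy("/dev/urandom", seed + *from_random, n_urandom, 0);
    if (u < 0 || (size_t)u != n_urandom)
        return -1;
    return (ssize_t)(*from_random + n_urandom);
}

int main(void)
{
    unsigned char seed[32 + 256];   /* sizes from the quoted suggestion */
    size_t strong = 0;
    ssize_t total = gather_seed(seed, 32, 256, &strong);
    printf("seed bytes: %zd (from /dev/random: %zu)\n", total, strong);
    /* In an OpenSSL program, seed would now be passed to RAND_seed(). */
    return total < 0;
}
```

A `from /dev/random` count below 32 means the pool could not supply the full request at that moment; whether to proceed or retry later is the caller's policy decision.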