I was generating GnuPG keys, and got the following message:

Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 274 more bytes)

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.

It turns out that the random number device, /dev/random, draws on the kernel's entropy pool, which is fed by unpredictable events in the operating system: the timing of hardware interrupts such as keyboard presses, mouse movements and disk I/O. The kernel keeps a running estimate of how much entropy the pool holds, and /dev/random blocks whenever that estimate is lower than what a reader asks for. (This is the behaviour of the kernels of the time; since Linux 5.6, /dev/random only blocks until the pool has been seeded once.)

This means that if you are generating keys on a headless remote server or a virtual machine, with no keyboard or mouse attached, entropy-generating events tend to be few and far between, and gpg stalls waiting for /dev/random.

You can view the kernel's current entropy estimate in the file /proc/sys/kernel/random/entropy_avail. On my system, the number hovers between 30 and 150. It should be able to go up to 4096 (or whatever number is in /proc/sys/kernel/random/poolsize); both values are in bits, not bytes.

If you want to monitor the entropy generation, you can run:

watch --interval 0.1 cat /proc/sys/kernel/random/entropy_avail

So, if your system is not generating enough entropy on its own, you can feed it some random values to help it out. The easiest way is to start with a large block of random numbers, which you can get from random.org or HotBits. Be clear about what that means before you rely on it for key material: whatever you download is also known to the site that served it and to anyone who could observe the transfer, and rngd will credit the kernel with entropy that an observer may already have. Treat downloaded data as a supplement to a source only you control (a hardware RNG, or on a virtual machine the host's virtio-rng device), not as the sole seed for a long-term key. rngd reads and tests the data in 2,500-byte (20,000-bit) blocks, so the file must be at least that large, and in practice much larger. If the data is in some sort of text-readable format (decimal numbers or hex digits), convert it to raw bytes with a small script. Compressing the text file is not a substitute: the compressor's output still carries headers and framing, and whatever structure the text had, so it is not uniformly random bytes.

Next, you need to feed the random bytes to the kernel's random number generator. You can use the rngd daemon, which is in the rng-tools package, to do this; -f keeps it in the foreground and -r points it at your file instead of the default hardware RNG device:

sudo rngd -f -r [random data file]

If you get lots of messages like:

block failed FIPS test: 0x07

then your random data is not random enough. rngd runs every 20,000-bit block through the FIPS 140-2 statistical tests before crediting it to the kernel, and the hex value is rng-tools' bitmask of the tests the block failed: 0x01 monobit, 0x02 poker, 0x04 runs, 0x08 long run, 0x10 continuous run. So 0x07 means the block failed the monobit, poker and runs tests at once, which is exactly what readable text does (ASCII never sets the top bit, so the bit and nibble distributions are far from uniform). Remember that it needs to be random bytes, not random readable text.

If you just get a message:

entropy source exhausted!

then rngd has hit the end of the file; it does not rewind, so your data source is too small for the demand and you need a larger file or another run with fresh data.
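The two failure modes above (text that fails the FIPS tests, and a file that is too short) are easy to catch before rngd ever runs. The following script is an added example, not code from the original post or from rng-tools: it converts text-format random numbers (decimal bytes one per line, as random.org emits them, or hex digits) into raw bytes, then applies the same FIPS 140-2 monobit, poker, runs and long-run tests per 2,500-byte block and reports them with the bit values rng-tools uses in its "block failed FIPS test" message. The sample input is constructed from a seeded PRNG purely for demonstration; the function and constant names are this example's own.

```python
"""Preflight for rngd input (added example, not part of the original post).

Converts text-format random numbers into the raw bytes rngd expects and runs
the FIPS 140-2 per-block tests that rngd applies (monobit, poker, runs, long
run) so a bad file can be spotted before rngd starts rejecting blocks.
"""
import random
import re

BLOCK_BYTES = 2500                     # rngd tests 20,000-bit blocks
# Bit values rng-tools reports in "block failed FIPS test: 0x.." (fips.h)
FIPS_MONOBIT, FIPS_POKER, FIPS_RUNS, FIPS_LONGRUN = 0x01, 0x02, 0x04, 0x08
# FIPS 140-2 (change notice 1) acceptance intervals
MONOBIT_RANGE = (9725, 10275)          # exclusive bounds on the number of 1 bits
POKER_RANGE = (2.16, 46.17)            # exclusive bounds on the poker statistic
RUN_LIMITS = [(2315, 2685), (1114, 1386), (527, 723),   # runs of length 1, 2, 3
              (240, 384), (103, 209), (103, 209)]       # 4, 5, 6 or more
LONGRUN = 26                           # any run this long or longer fails


def decode_text_randomness(text: str) -> bytes:
    """Turn whitespace-separated decimal bytes (0-255, one per token, as
    random.org's integer generator emits) or hex digits into raw bytes.
    Anything else is rejected rather than silently treated as randomness."""
    tokens = text.split()
    if tokens and all(re.fullmatch(r"[0-9]{1,3}", t) and int(t) < 256 for t in tokens):
        return bytes(int(t) for t in tokens)
    hexdigits = "".join(tokens)
    if hexdigits and re.fullmatch(r"[0-9A-Fa-f]+", hexdigits) and len(hexdigits) % 2 == 0:
        return bytes.fromhex(hexdigits)
    raise ValueError("input is neither decimal byte values nor hex digits")


def fips_block_failures(block: bytes) -> int:
    """Return the rngd-style bitmask of FIPS 140-2 tests this 2,500-byte block fails."""
    if len(block) != BLOCK_BYTES:
        raise ValueError(f"FIPS tests need exactly {BLOCK_BYTES} bytes, got {len(block)}")
    failed = 0
    # Monobit: number of 1 bits among the 20,000 bits
    ones = sum(bin(b).count("1") for b in block)
    if not MONOBIT_RANGE[0] < ones < MONOBIT_RANGE[1]:
        failed |= FIPS_MONOBIT
    # Poker: chi-square-like statistic over the 5,000 nibbles
    nibbles = [0] * 16
    for b in block:
        nibbles[b >> 4] += 1
        nibbles[b & 0x0F] += 1
    x = 16.0 / 5000 * sum(n * n for n in nibbles) - 5000
    if not POKER_RANGE[0] < x < POKER_RANGE[1]:
        failed |= FIPS_POKER
    # Runs and long run: lengths of maximal runs of identical bits
    bits = "".join(f"{b:08b}" for b in block)
    run_counts = {"0": [0] * 6, "1": [0] * 6}
    longest = 0
    for m in re.finditer(r"0+|1+", bits):
        length = m.end() - m.start()
        longest = max(longest, length)
        run_counts[m.group()[0]][min(length, 6) - 1] += 1
    if not all(lo <= run_counts[v][i] <= hi
               for v in "01" for i, (lo, hi) in enumerate(RUN_LIMITS)):
        failed |= FIPS_RUNS
    if longest >= LONGRUN:
        failed |= FIPS_LONGRUN
    return failed


def check_file_for_rngd(data: bytes) -> list:
    """One bitmask per full block, as rngd would report them; a short tail is ignored."""
    return [fips_block_failures(data[i:i + BLOCK_BYTES])
            for i in range(0, len(data) - BLOCK_BYTES + 1, BLOCK_BYTES)]


def constructed_sample(seed: int = 1, nbytes: int = BLOCK_BYTES) -> str:
    """Constructed stand-in for a random.org download: one decimal byte per line.
    Seeded PRNG output, for demonstration only; never feed this to rngd."""
    rng = random.Random(seed)
    return "\n".join(str(rng.randrange(256)) for _ in range(nbytes)) + "\n"


if __name__ == "__main__":
    text = constructed_sample()
    raw = decode_text_randomness(text)
    # The text form fails (top bit never set); the decoded bytes are what rngd should see
    print("text block failures   :", hex(fips_block_failures(text.encode()[:BLOCK_BYTES])))
    print("decoded block failures:", hex(fips_block_failures(raw)))
    print("all-zero block failures:", hex(fips_block_failures(bytes(BLOCK_BYTES))))
```

Run it over the downloaded file before pointing rngd at it: any block with a non-zero mask is one rngd would reject, and fewer than one full block means rngd would report the source exhausted almost immediately. An all-zero block trips every test (0x0F), while a block of repeated 0x55 passes monobit and long run but fails poker and runs (0x06), which shows why a balanced bit count alone says nothing about randomness.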


2 Responses to Produce entropy for /dev/random in Linux

  1. […] http://blog.sbf5.com/?p=50 Pointed me in the right direction for using rngd to generate entropy for /dev/random […]

  2. This post is indescribably retarded. Rngd is intended to feed data from a HARDWARE generator such as a Geiger counter. At the time it was fucking written people were all up in arms as to how it’s a bad idea because random clueless noobs will proceed to feed pseudorandom crap into it with appalling results.

    Remember that cryptography on bad rnd is no cryptography at all and don’t do stupid shit like this.