[Csync2] generating pre-shared keys very slow
Art -kwaak- van Breemen
ard+csync2 at telegraafnet.nl
Wed Dec 17 16:02:07 CET 2008
Hi,
On Wed, Dec 17, 2008 at 03:37:52PM +0100, Christian Wiese wrote:
> thanks for the reply! I can confirm that /dev/random is the problem, see
> my other mail where I tested to use /dev/urandom instead of /dev/random.
> It might be reasonable to check if /dev/urandom is available only
> using /dev/random as fallback. Do you see any problem there?
Well, if you are doing any webhosting or so, you should have
plenty of entropy. Maybe you should check the reason for the lack
of entropy first. If you installed dropbear in your system (an
sshd daemon), it would be ready to process the connection 30 minutes
after the tcp connection setup.
Reasons for the lack of entropy are:
massive amounts of new ssh connections on an idle system.
Yes, I know only one reason, short of having a very weird system.
If it should do anything it is to use /dev/random, and after a
timeout use /dev/urandom, or it should be a commandline option.
But due to the lack of entropy on your system, I wonder what is
coming out of /dev/urandom.
Don't get me wrong, I've recompiled dropbear to use /dev/urandom
for a specific embedded device. It took 2 minutes or so to get
enough random data to log in.
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in email?
More information about the Csync2
mailing list