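Helping the Random Number Generator Gain Enough Entropy with rng-tools (Debian Lenny)
You might know this situation: you want to generate a GPG or SSL key, and during that operation the system tells you that no more random bytes are available and that it needs to collect more entropy, and you are stuck. This short guide explains how to fix this problem with the rng-tools package on Debian Lenny.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
Let's assume you want to generate a GPG key: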
gpg --gen-key
If you are unlucky, the command might stop in the middle with a message like this:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++..+++++.+++++++++++++++.++++++++++...+++++++++++++++...++++++
+++++++++++++++++++++++++++++.+++++..+++++.+++++.+++++++++++++++++++++++++>.
++++++++++>+++++...........................................................+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
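So we have to increase the entropy. This can be done with rng-tools, a package for using hardware true random number generators (TRNG). Don't worry, you don't need any additional hardware; we will use /dev/urandom as our true random number generator. Keep in mind that /dev/urandom is the kernel's pseudo-random device, so this raises the kernel's entropy count without adding randomness from a hardware source.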
2 Installing and Configuring rng-tools
The rng-tools package can be installed as follows:
apt-get install rng-tools
Next open /etc/default/rng-tools...
vi /etc/default/rng-tools
... and add the line HRNGDEVICE=/dev/urandom:
# Configuration for the rng-tools initscript
# $Id: rng-tools.default,v 1.1.2.5 2008-06-10 19:51:37 hmh Exp $
# This is a POSIX shell fragment
# Set to the input source for random data, leave undefined
# for the initscript to attempt auto-detection. Set to /dev/null
# for the viapadlock driver.
#HRNGDEVICE=/dev/hwrng
#HRNGDEVICE=/dev/null
HRNGDEVICE=/dev/urandom
# Additional options to send to rngd. See the rngd(8) manpage for
# more information. Do not specify -r/--rng-device here, use
# HRNGDEVICE for that instead.
#RNGDOPTIONS="--hrng=intelfwh --fill-watermark=90% --feed-interval=1"
#RNGDOPTIONS="--hrng=viakernel --fill-watermark=90% --feed-interval=1"
#RNGDOPTIONS="--hrng=viapadlock --fill-watermark=90% --feed-interval=1"
Now start the rng-tools daemon:
/etc/init.d/rng-tools start
That's it! Now try to generate your key again, e.g.
gpg --gen-key
... and it should finish successfully:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++++++++++++..+++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++
.+++++..+++++.+++++++++++++++++++++++++++++++++++++++++++++.....>.+++++<+++++.....
...>+++++................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++..++++++++++...++++++++++...+++++.+++++..+++++.+++++..+++++++++++++++.+++
++++++++++++..+++++++++++++++..++++++++++..+++++++++++++++++++++++++...+++++..+++++>+++
+++++++>.+++++>+++++......................+++++^^^
gpg: key 1F6C9247 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub 1024D/1F6C9247 2010-12-06
Key fingerprint = FC81 D8E3 8090 EEE3 1D98 E000 045C D80E 1F6C 9247
uid Falko Timme <ft@falkotimme.com>
sub 2048g/12D6A5B0 2010-12-06
server1:~#
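The following check is an added example, not part of the original guide or of rng-tools: it reads the defaults file edited above, reports which HRNGDEVICE is in effect and what kind of source that is, and prints the kernel's current entropy estimate from /proc/sys/kernel/random/entropy_avail. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rng-tools defaults file and the kernel entropy estimate.
# Function names are illustrative and not part of rng-tools.

# Constructed sample mirroring the HRNGDEVICE lines of the file shown above.
sample_config() {
    cat <<'EOF'
#HRNGDEVICE=/dev/hwrng
#HRNGDEVICE=/dev/null
HRNGDEVICE=/dev/urandom
EOF
}

# Print the effective HRNGDEVICE. The file is a shell fragment, so the last
# uncommented assignment wins; quotes and trailing comments are stripped.
active_hrngdevice() {
    sed -n 's/^[[:space:]]*HRNGDEVICE=//p' "$1" \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' \
        | tr -d "\"'" | tail -n 1
}

# Classify the configured source, following the comments in the defaults file.
classify_source() {
    case "$1" in
        "")                       echo "auto-detect" ;;
        /dev/hwrng)               echo "hwrng" ;;
        /dev/null)                echo "viapadlock" ;;
        /dev/urandom|/dev/random) echo "kernel-prng" ;;
        *)                        echo "other" ;;
    esac
}

# Print the kernel's entropy estimate (optional path argument for testing).
entropy_avail() {
    f=${1:-/proc/sys/kernel/random/entropy_avail}
    [ -r "$f" ] && cat "$f" || echo "unknown"
}

# One-line report; returns non-zero when rngd only recycles kernel PRNG output.
audit_rng() {
    dev=$(active_hrngdevice "$1")
    kind=$(classify_source "$dev")
    echo "HRNGDEVICE=${dev:-<unset>} source=$kind entropy_avail=$(entropy_avail "${2:-}")"
    [ "$kind" != "kernel-prng" ]
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_rng "$tmp" || echo "note: pool is fed from the kernel PRNG, not a hardware source"
rm -f "$tmp"
```

On a real system, call audit_rng /etc/default/rng-tools before and after starting the daemon to compare the entropy_avail values.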
3 Links
- Debian: http://www.debian.org/