Helping The Random Number Generator To Gain Enough Entropy With rng-tools (Debian Lenny)

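You might know this situation: you want to generate a GPG or SSL key, and during the operation the system tells you that no more random bytes are available and that it needs to collect more entropy, and you are stuck. This short guide shows how to solve this problem with the rng-tools package on Debian Lenny.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

Let's assume you want to generate a GPG key: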

gpg --gen-key

If you are unlucky, the command may stop in the middle with a message like this:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++..+++++.+++++++++++++++.++++++++++...+++++++++++++++...++++++
+++++++++++++++++++++++++++++.+++++..+++++.+++++.+++++++++++++++++++++++++>.
++++++++++>+++++...........................................................+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)

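So we must increase the entropy. This can be done with rng-tools, a package that can use a hardware true random number generator (TRNG). Don't worry, you don't need any additional hardware: we will use /dev/urandom as our true random number generator. Keep in mind that /dev/urandom is the kernel's own pseudo-random output, so rngd feeding it back into the pool raises the kernel's entropy estimate without adding independent randomness; where a hardware source such as /dev/hwrng is available, it is the better input.

2 Installing And Configuring rng-tools

The rng-tools package can be installed as follows:

apt-get install rng-tools

Next open /etc/default/rng-tools...

vi /etc/default/rng-tools

...and add the line HRNGDEVICE=/dev/urandom: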

# Configuration for the rng-tools initscript
# $Id: rng-tools.default,v 1.1.2.5 2008-06-10 19:51:37 hmh Exp $

# This is a POSIX shell fragment

# Set to the input source for random data, leave undefined
# for the initscript to attempt auto-detection.  Set to /dev/null
# for the viapadlock driver.
#HRNGDEVICE=/dev/hwrng
#HRNGDEVICE=/dev/null
HRNGDEVICE=/dev/urandom

# Additional options to send to rngd. See the rngd(8) manpage for
# more information.  Do not specify -r/--rng-device here, use
# HRNGDEVICE for that instead.
#RNGDOPTIONS="--hrng=intelfwh --fill-watermark=90% --feed-interval=1"
#RNGDOPTIONS="--hrng=viakernel --fill-watermark=90% --feed-interval=1"
#RNGDOPTIONS="--hrng=viapadlock --fill-watermark=90% --feed-interval=1"

Now start the rng-tools daemon:

/etc/init.d/rng-tools start

That's it! Now try generating your key again, e.g.

gpg --gen-key

...and it should complete successfully:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++++++++++++..+++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++
.+++++..+++++.+++++++++++++++++++++++++++++++++++++++++++++.....>.+++++<+++++.....
...>+++++................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++..++++++++++...++++++++++...+++++.+++++..+++++.+++++..+++++++++++++++.+++
++++++++++++..+++++++++++++++..++++++++++..+++++++++++++++++++++++++...+++++..+++++>+++
+++++++>.+++++>+++++......................+++++^^^
gpg: key 1F6C9247 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   1024D/1F6C9247 2010-12-06
      Key fingerprint = FC81 D8E3 8090 EEE3 1D98  E000 045C D80E 1F6C 9247
uid                  Falko Timme <ft@falkotimme.com>
sub   2048g/12D6A5B0 2010-12-06

server1:~#
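
The following added example (not part of the original guide) is a small POSIX shell audit for the setup above: it reads the active HRNGDEVICE from /etc/default/rng-tools, flags the case where rngd is fed from the kernel's own PRNG, and reports /proc/sys/kernel/random/entropy_avail. The function names and classification labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the rngd setup above.

# Print the active HRNGDEVICE value from an rng-tools defaults file.
# The last uncommented assignment wins, as when the fragment is sourced.
hrng_device() {
    sed -n 's/^[[:space:]]*HRNGDEVICE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Classify the rngd input source (labels are this example's own).
classify_source() {
    case "$1" in
        "") echo "auto-detect" ;;
        /dev/urandom|/dev/random) echo "kernel-prng" ;;  # kernel output fed back
        /dev/null) echo "driver-managed" ;;  # viapadlock, per the file's comment
        *) echo "device" ;;
    esac
}

# Print the kernel's entropy estimate, or "unknown" if unreadable.
entropy_avail() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

# Report one line; return 1 if rngd is fed from the kernel's own PRNG,
# 2 if the config cannot be read. $2 optionally overrides the /proc path.
audit_rngd() {
    conf="${1:-/etc/default/rng-tools}"
    [ -r "$conf" ] || { echo "no config: $conf"; return 2; }
    dev=$(hrng_device "$conf")
    kind=$(classify_source "$dev")
    echo "HRNGDEVICE=${dev:-<unset>} source=$kind entropy_avail=$(entropy_avail "${2:-}")"
    [ "$kind" != "kernel-prng" ]
}

# Constructed sample: the assignment lines of the configuration shown above.
sample_config() {
    cat <<'EOF'
#HRNGDEVICE=/dev/hwrng
#HRNGDEVICE=/dev/null
HRNGDEVICE=/dev/urandom
EOF
}

# Run the audit on the live system only when asked to: sh script.sh audit
if [ "${1:-}" = "audit" ]; then audit_rngd; fi
```

A non-zero exit status from audit_rngd makes it usable in a configuration check that should fail on hosts where key generation relies on this workaround.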

3 Links
