Question about message "your system is lacking dev/random (or equivalent)"
Joseph S D Yao
jsdy at tux.org
Wed Apr 14 03:20:19 UTC 2010
On Tue, Apr 13, 2010 at 03:28:51PM -0400, Khuu, Linh MicroTech wrote:
> I just turned on the dnssec-validation today, and I saw lots of messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You must use the keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
...
Pseudo-random numbers (PRNs) are used a lot in generating crypto keys,
such as those used in DNSSEC. I don't know exactly what needs them
here - it may also be generating random stuff to be encrypted. The OpenSSL
package creates keys using PRNs seeded with "entropy". Under BSD and
Linux systems, this comes from /dev/random and/or /dev/urandom. On
older versions of Solaris, e.g., these pseudo-devices don't exist, and
you need something like the Entropy Gathering Daemon
<http://egd.sourceforge.net/> to create enough entropy for PRNs to be
generated. The device name for the EGD must be compiled into the
software; otherwise, every time it needs entropy, it will ask you to
pound randomly on the keyboard until it thinks it has enough entropy.

http://en.wikipedia.org/wiki/Entropy_%28computing%29

I hope that this helps!

--
/*********************************************************************\
**
** Joe Yao jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
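
Added example, not part of the original message and not code from BIND or OpenSSL: a shell check for whether the random devices named in the reply above exist on a host and actually return bytes. The function names are hypothetical, chosen for this example; the device paths are the ones from the message.

```shell
#!/bin/sh
# Added example: classify candidate entropy sources such as /dev/random
# and /dev/urandom. Function names are hypothetical, chosen for this example.

# entropy_source_status PATH
# Prints one word describing PATH:
#   missing      nothing exists at PATH (the case the log message reports)
#   not-chardev  something exists but it is not a character device
#   unreadable   the device node exists but this user cannot read it
#   short-read   the device opened but returned fewer bytes than requested
#   ok           16 bytes were read successfully
entropy_source_status() {
    src=$1
    if [ ! -e "$src" ]; then echo missing; return 0; fi
    if [ ! -c "$src" ]; then echo not-chardev; return 0; fi
    if [ ! -r "$src" ]; then echo unreadable; return 0; fi
    # Read one 16-byte block and count what came back; the bytes are discarded.
    # On older kernels a read from /dev/random can block until the pool fills.
    got=$(dd if="$src" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
    if [ "${got:-0}" -eq 16 ]; then echo ok; else echo short-read; fi
}

# any_entropy_source PATH...
# Prints one "path: status" line per PATH.
# Returns 0 if at least one PATH is "ok", 1 otherwise.
any_entropy_source() {
    found=1
    for p in "$@"; do
        st=$(entropy_source_status "$p")
        printf '%s: %s\n' "$p" "$st"
        if [ "$st" = ok ]; then found=0; fi
    done
    return "$found"
}

# With arguments, check those paths and exit non-zero if none is usable.
if [ "$#" -gt 0 ]; then
    if any_entropy_source "$@"; then exit 0; else exit 1; fi
fi
```

Saved under a name of your choice and run with `/dev/random /dev/urandom` as arguments, it prints one status line per device and exits non-zero when neither is usable.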
More information about the bind-users mailing list