gpg --gen-key: gaining enough "entropy"

Networking/Security Forums -> Cryptographic Software and Hardware

Author: rawbone72 PostPosted: Tue May 04, 2010 1:41 am    Post subject: gpg --gen-key: gaining enough "entropy"
    ----
Hello,

I am trying to use gpg-gen on my Ubuntu system to generate PGP keys and am getting the message:

"Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 281 more bytes)"

I've read quite a few posts and threads and even a webpage dedicated to the concept of generating keys, \/dev\/random, gaining enough "entropy", etc - but cannot seem to satisfy my installation of gpg. I am ssh'ing into the machine, so keyboard/mouse activity at the moment is not part of the equation. I could get over there on the console if necessary. I have opened up several sessions and done the following things simultaneously in different windows:

find / &
grep -R *whatever* ./*
top
sftp'ing large files over from other machines
a shell script that iteratively runs the "who" command
du -sk * from "/"

Yet when I watch /proc/sys/kernel/random/entropy_avail I don't see that number going above 190, and I assume that based on the above prompt - and this is just a guess - that the number needs to get above 281 for some period of time. In fact, even when I have several of the above things going, it is hard to tell whether I am really influencing that number or not. I don't see a strong pattern in the fluctuation of that number.

Does anyone have any suggestions for getting this gpg thing to work?

Thanks,

-Robin

Author: capiLocation: Portugal PostPosted: Wed May 05, 2010 12:24 am    Post subject:
    ----
Hi,

You really shouldn't create the key pair remotely. It is hard to generate enough good quality entropy without actual physical interaction with the machine. Also, the SSH daemon will eat away most of your entropy to maintain the active ssh connection.

If you can physically walk over to the machine and play with the keyboard and mouse on the console, that would be best -- see the GPG FAQs Why does it sometimes take so long to create keys? and And it really takes long when I work on a remote system. Why?

Another solution would be to create the key pair on your local system, then upload it to the remote machine.

Author: hackerisland PostPosted: Sat Jan 15, 2011 7:04 am    Post subject:
    ----
There's also a possibility that a program aside from SSH is eating up the entropy. If you have the ability to kill unnecessary processes this might be a place to start.

Author: normat0211 PostPosted: Tue Mar 22, 2011 9:29 am    Post subject: gpg --gen-key: gaining enough "entropy"
    ----
Just give a look to http://www.question-defense.com/2010/03/03/not-enough-random-bytes-available-please-do-some-other-work-to-give-the-os-a-chance-to-collect-more-entropy-need-283-more-bytes ,it will help you or for second option ,see http://www.chrissearle.org/node/326



Networking/Security Forums -> Cryptographic Software and Hardware


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group