[prev in list] [next in list] [prev in thread] [next in thread]
List: kroupware
Subject: Re: SSL/TLS entropy problem,
From: Stéphane_Konstantaropoulos <skonstant () sgul ! ac ! uk>
Date: 2006-11-17 13:30:18
Message-ID: 200611171330.19021.skonstant () sgul ! ac ! uk
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Le vendredi 17 nov 2006 08:24, Bernhard Reiter a écrit :
> Hi Divan,
>
> On Friday 17 November 2006 08:46, Divan Santana wrote:
> > I am glad to contribute this fix back. I hope someone finds it useful.
> > I think it might be kubuntu specific.
> >
> > http://www.kolab.org/pipermail/kolab-users/2006-February/004394.html
> > mv /dev/random /dev/random.backup
> > ln -s /dev/urandom /dev/random
>
> note that doing this is likely to weaken the encryption of your SSL and TLS
> connections. The applications that need higher quality entropy will use
> /dev/random and might now get lower quality.
>
> See http://en.wikipedia.org/wiki//dev/random
> for the differences of /dev/random and /dev/urandom.
>
> A better fix probably is to add a hardware entropy generator
> or to find out why the entropy is empty.
>
> > Can't believe that fixed it. I don't quite understand but at least its
> > working.
> >
> > Now POP doesn't time out randomly etc.
>
> If /dev/random does not have enough entropy ready it will block
> and thus cause a timeout.
>
> Bernhard
Right so, use /dev/hw_random if you want good quality and high speed at the
same time, all recent intel, AMD and Via processors have such a device.
You need to load hw_random module, or amd-rng or intel-rng on newer kernels.
(add the modrprobe command to your init scripts and you'll be sorted)
--
Stéphane Konstantaropoulos <skonstant@sgul.ac.uk>
-- Web Developer - Computing Services
--- St George's University of London
[Attachment #5 (application/pgp-signature)]
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Kolab-users mailing list
Kolab-users@kolab.org
https://kolab.org/mailman/listinfo/kolab-users
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic