GPG does not have enough entropy

Question

I've got a ton of processes running in the background to try and get enough entropy, but I am still failing.

**We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 210 more bytes)**

I need a method to generate the key that works, cause what I'm trying to do is failing apparently.

Danny Staple · Accepted Answer · 2014-05-21 14:48:04Z

102

Have you had a look at RNG?

Fedora/Rh/Centos types: sudo yum install rng-tools

On deb types: sudo apt-get install rng-tools to set it up.

Then run sudo rngd -r /dev/urandom before generating the keys.

Reference: http://it.toolbox.com/blogs/lim/how-to-generate-enough-entropy-for-gpg-key-generation-process-on-fedora-linux-38022

edited May 21 '14 at 14:48

answered Dec 20 '10 at 21:43

Danny Staple

1,255189

4

Also, on a more serious note, you can use sudo apt-get install rng-tools if you're on Ubuntu instead of sudo yum install rng-utils like they have for Fedora, since no rng-utils package exists for Ubuntu. – Jason Swett Jan 17 '11 at 17:50
4

The package is named rng-tools on both Fedora and EL6, so I suspect a typo in the linked article. BTW, it is a good idea to provide the essential parts of the answer here, and the link for reference, in case the link goes dead in the future. – Michael Hampton♦ Dec 31 '12 at 2:40
11

There is no "low-quality entropy" or "fake entropy" in urandom. urandom calls the same code as /dev/random. There is no need to feed additional randomness into the CSPRNG (except at boottime, and there your distribution should take care of it). This is a myth and should not be propagated. See for example sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers or this video: media.ccc.de/v/32c3-7441-the_plain_simple_reality_of_entropy – Sebastian Dec 30 '15 at 11:30
7

Here's another good one on the urandom myth. – Andrew B Dec 31 '15 at 15:46
2

Most high voted comment is nonsense; unfortunately I see this a lot on SO. Warnings (even when completely wrong) will get a lot of votes and no way to correct them (no comment downvote option) means we can't get rid of the myths. – Stijn de Witt Jun 27 '17 at 8:04

| show 3 more comments

user123456 · Accepted Answer · 2017-03-26 18:15:04Z

26

I was able to generate the key by

apt-get install rng-tools

In another SSH window open

 gpg --gen-key

Go back to your first SSH session and run

sudo rngd -r /dev/urandom

Let this run till gpg generates your keys!

edited Mar 26 '17 at 18:15

user123456

258213

answered Dec 20 '10 at 21:42

Joey BagODonuts

93021216

9

I would definitely recommend against ever using /dev/urandom for generating keys of any importance. – Andrew Barber Dec 21 '10 at 7:09
10

@AndrewBarber Nonsense. It is the recommended method. – David Schwartz May 25 '16 at 19:39
3

@AndrewBarber It's explicitly designed for that purpose. Basically, /dev/random is a design mistake. It should only ever block on first (ever) invocation (on first boot) when no entropy whatsoever was collected yet. Like it does on other OS. Instead we got two pools now. Just never use /dev/random it has no advantages. – Stijn de Witt Jun 27 '17 at 8:09
@AndrewBarber what would you recommend instead? – qodeninja Aug 14 '18 at 22:23

add a comment |

Julien Vehent · Accepted Answer · 2015-12-31 15:09:58Z

To check the amount of bytes of entropy currently available, use

cat /proc/sys/kernel/random/entropy_avail

The entropy bucket is 4096 bytes large, which can very quickly be depleted.

Using this small 'readspeed' tool (http://1wt.eu/tools/readspeed/), you can measure how fast the entropy bucket is filled with different methods.

For example, launch :

$ ./readspeed < /dev/random

and move your mouse around. You will see that 'readspeed' empties the entropy bucket as soon as it is filled, and when you move the mouse, it fills up a bit.

Trying different methods, it seems that keyboard input and mouse movements are the most efficients to replenish that bucket. Network transfers and hard drive copies don't have much influence.

Finally, there are entropy generation devices available, such as this one: http://www.entropykey.co.uk/.

There is no "low-quality entropy" in urandom. urandom calls the same code as /dev/random. This is a myth and should not be propagated. See for example sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers or this video: media.ccc.de/v/32c3-7441-the_plain_simple_reality_of_entropy — Sebastian, Dec 30 '15 at 11:29
This answer is 5 years old. We thought urandom wasn't as safe as random then, but things have changed since and urandom is considered safe. — Julien Vehent, Dec 31 '15 at 15:10
Fact is it was safe from the beginning. The warnings were wrong 7 years ago as well. — Stijn de Witt, Jun 27 '17 at 8:11

Patrick Mevzek · Accepted Answer · 2018-07-02 17:05:39Z

+1 for rng-tools

In case you are stuck in situation as I am - not having permissions to install new software (rng-tools) on a headless server with virtually no input hardware (sound card, keyboard, mouse) attached. You can run this simple code from another terminal connect to same server, to add to the entropy. It does not matters if you start running this before or after starting gpg --gen-key

$ nice -n 19 bash
$ until [ $COUNT -lt 1 ]; do
  let COUNT=`cat /proc/sys/kernel/random/entropy_avail`
  echo "`date` COUNTER $COUNT"
done

First line is to start a new bash shell, with lower priority (I needed to be nice on a server shared by many users). The until loop is infinite, so remember to break it once the key is generated. All it is doing is causing the network traffic to increase the entropy. It also monitors the entropy_avail counter to show how it gets filled and emptied on other side by gpg. In my case, the counter filled up quickly to 64 and got emptied back to 0 (guess gpg picks up in chunk of 64). I was waiting for 4096 bit key generation for over 3 hours on the server. After starting to run this script, it got finished in under 5 min.

I too didn't have root access on the remote server and this worked in creating some entropy. I think the condition should be changed to [ $COUNT -lt 0 ]. Because for a system with really less entropy, it reaches 0 sometimes and stops. GPG is really entropy hungry. — Ajay Brahmakshatriya, Oct 18 '18 at 23:58

DMfll · Accepted Answer · 2016-06-14 12:03:40Z

I was bound and determined to generate entropy on my headless Ubuntu 14.04 server in order to generate a 4096 key with gpg --gen-key

There is a package for generating entropy called haveged. Example of install:

sudo apt-get install haveged

I had to sudo apt-get install rng-tools since it is a dependency in the following test.

Example of a test to see if entropy is generated by haveged:

cat /dev/random | rngtest -c 1000

A very small amount of failures is acceptable in any random number generator, but you can expect to see 998-1000 successes very often when using hovered.

I found out about it in a tutorial here:

https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

I now have keys after running gpg --gen-key

asked	8 years ago
viewed	66,879 times
active	6 months ago

Stack Exchange Network

current community

your communities

more stack exchange communities

GPG does not have enough entropy

5 Answers 5

Your Answer

Not the answer you're looking for? Browse other questions tagged linux ubuntu gpg or ask your own question.

Linked

Hot Network Questions

GPG does not have enough entropy

5 Answers 5

Your Answer

Sign up or log in

Post as a guest

Not the answer you're looking for? Browse other questions tagged linux ubuntu gpg or ask your own question.

Linked

Related

Hot Network Questions