[Opendnssec-user] ods-signerd calling vmstat?!?

Rickard Bellgrim rickard at opendnssec.org
Wed Sep 4 21:25:09 UTC 2013


> > Also, if earlier polls (eg /dev/random or EGD) succeed, then we
> > will never query these sources at all, as spawning off all
> > these processes is quite slow, so we avoid it except in cases
> > where it is necessary due to lack of other options.
>
> Ref. above, I'm still seeing these messages, indicating that
> either the Botan library didn't get the required bits from
> /dev/random or /dev/urandom (which should in itself be an
> inexhaustible source of pseudo-random bits), or this statement
> isn't quite correct for the version I'm using.
>
> My botan package is version 1.8.14 (which could possibly stand an
> update to at least something 1.10ish).
>

I might see an issue in the Botan code. I will verify this with Jack, but
the issue might be that it breaks out from the for-loop in the
Device_EntropySource, even if the polling goal is not fulfilled. When
reading from /dev/random, you might not get all bytes as you requested.
When returning from the Device_EntropySource, the RNG will notice this and
continue to the next entropy source type. Thus not even trying the
/dev/urandom.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130904/33c5b9b6/attachment.htm>


More information about the Opendnssec-user mailing list