The Entropy Is Strong With This One

The plan for today was quite straightforward. Wake up, shower, do some work on the flash CD, and contact a few more companies about my change of address. Unfortunately, things started to go wrong after 'wake up'. I have no entropy.

I have a script that monitors web-pages and e-mails me when there is a change - useful for making sure my sites haven't gone wrong and watching out for changes to other pages on the internet that I'm interested in. Since the move, the server it was running on is now permanently offline, so I decided to move it over this morning before I started my work. Shouldn't take long.

Unfortunately, it turns out that the new server couldn't send mail. After many hours of googling, I found out that the problem is simple. I have no entropy.

The server runs exim, which uses GnuTLS to generate a secure key. That needs to read from /dev/random, which in turn generates its randomness from the entropy pool. Which, on my server, is empty.

The idea of the entropy pool is that it is fed by internal events that cannot be controlled or predicted from the outside, which makes it an acceptable source of randomness. These events are things like mouse and keyboard input. That's great, but this is a headless server - the only things that happen are disk access and network traffic. Now, for some reason, disk access wasn't contributing, and in kernel 2.6 network traffic is deemed predictable (anyone on the wire can see the packets and time them), so there is no longer an option to let network devices contribute to the entropy pool. As a result, my entropy pool was empty, all the time. When /dev/random cannot read enough from the entropy pool, it blocks until it can - in other words, when I tried to send an e-mail, exim would sit waiting for entropy that would never come. There are hardware random number generators available - unfortunately my hardware doesn't support one. There is also /dev/urandom, which is seeded from the same pool but never blocks; the trade-off is that if the pool has not gathered enough entropy, its output can, in theory, be predicted.
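The check I would have wanted that morning, as an added example that is not part of the original post: a small POSIX sh diagnostic that reads the kernel's entropy estimate, compares it with the threshold below which a /dev/random read blocks, and probes a device read with a timeout so the hang can be reproduced without stalling a shell. It assumes the Linux procfs layout of /proc/sys/kernel/random/ (entropy_avail, and read_wakeup_threshold, which 2.6 kernels expose with a default of 64 bits and which recent kernels have dropped); the function names and the optional file arguments, which let the checks run against a constructed file, are my own.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Checks whether the kernel's
# entropy pool is starved and whether a read from a device would stall.
# Each function takes an optional path so it can be pointed at a test file.

RANDOM_PROC=/proc/sys/kernel/random

# Print the kernel's current entropy estimate in bits (0 if unreadable).
entropy_avail() {
    f="${1:-$RANDOM_PROC/entropy_avail}"
    cat "$f" 2>/dev/null || echo 0
}

# Print the threshold (bits) below which a /dev/random read blocks.
# Falls back to 64, the 2.6 default, where the sysctl does not exist.
read_wakeup_threshold() {
    f="${1:-$RANDOM_PROC/read_wakeup_threshold}"
    if [ -r "$f" ]; then cat "$f"; else echo 64; fi
}

# True (exit 0) when a /dev/random read would block right now, i.e. the
# estimate is below the wakeup threshold. Args: estimate file, threshold file.
pool_starved() {
    avail=$(entropy_avail "$1")
    thresh=$(read_wakeup_threshold "$2")
    [ "$avail" -lt "$thresh" ]
}

# Pull 16 bytes from a device, giving up after $2 seconds (default 5).
# Prints "ok" if the read completed and "blocked" otherwise. Uses coreutils
# timeout when present; without it the read of a starved /dev/random hangs.
probe_read() {
    dev="${1:-/dev/random}"
    secs="${2:-5}"
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" dd if="$dev" bs=16 count=1 of=/dev/null 2>/dev/null \
            && echo ok || echo blocked
    else
        dd if="$dev" bs=16 count=1 of=/dev/null 2>/dev/null \
            && echo ok || echo blocked
    fi
}

# Report on the live system; skipped where procfs is not available.
if [ -r "$RANDOM_PROC/entropy_avail" ]; then
    echo "entropy_avail: $(entropy_avail) bits (wakeup threshold: $(read_wakeup_threshold))"
    if pool_starved; then
        echo "pool starved: a /dev/random read will block until more entropy arrives"
    else
        echo "pool ok: /dev/random reads should return"
    fi
    echo "/dev/urandom read: $(probe_read /dev/urandom 2)"
fi
```

To reproduce the exim symptom directly, call `probe_read /dev/random 10` on the starved box: it prints "blocked" while the pool sits below the threshold, and "ok" once traffic has refilled it. Watching entropy_avail over a few seconds of network traffic is also the quickest way to confirm that a driver change is actually feeding the pool.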

Most sane people would just go for the sensible option - remove /dev/random and replace it with a symlink to /dev/urandom - it's good enough, and would have meant I'd have sorted it all out within a few minutes. But, as I'm sure Tristan will agree, when did I ever go for the sensible option? Which left me with only one choice.

It turns out that it's quite simple to modify the kernel network drivers so that network traffic adds to the entropy pool again. But it took me all morning to find that out.

I have now recompiled the kernel, and after a little bit of network traffic, my entropy pool is now full, and the e-mail has been sent. Now for a shower.

Comments

Should I assume that times when you aren't making an entry on here are times when you actually don't have a computer problem, as in "I turned them all on and they all worked" or "I did some code and it didn't have too many / any obscene bugs"? Or do I assume that on those other days the computer problems are just not as interesting? ~:P

Times when I don't have any problems, I'm working. It is even more dull than the problems, so I don't bother writing about them :)

Half the reason I write about the problems is so that when they happen to me again (which they will), I'll be able to go back through my archive and see what I did to fix it last time ;)
