[SOLVED] is it normal that dnssec-keygen be this much slow ?

ali.abry · 04-17-2013, 12:43 PM

Hi
is it normal that dnssec-keygen be this much slow ?
i use this command :

Code:

$ sudo dnssec-keygen -a rsasha1 -b 2048 -n ZONE example.com
Generating key pair............

but after several minutes nothing happens.

alkk · 04-17-2013, 03:24 PM

There are no enough entropy in the system; some i/o should resolve that (try to run "find /" in another window)

ali.abry · 04-17-2013, 04:57 PM

I tried it but nothing changed.
it steel tacks so long and nothing happens .

chrism01 · 04-17-2013, 07:21 PM

alkk is basically right; this requires a of of entropy. Think system usage.
Easiest is to fire this off in one window, then go on with normal work in other windows until its done.
IF no GUI, background the job with '&'.

ali.abry · 04-19-2013, 06:16 AM

is there a workable way that i could make enough entropy ?

jpollard · 04-19-2013, 04:01 PM

Quote:

Originally Posted by ali.abry

is there a workable way that i could make enough entropy ?

No.

Entropy, to be valid, has to be random. "Making" entropy is automatically not random...

ali.abry · 04-21-2013, 03:15 AM

thanks every one .
so the only fast way that i found is to use /dev/urandom instead of using /dev/random . you can specify the source of random by using -r /dev/urandom in
dnssec-keygen command.
there's also a way in here http://www.howtoforge.com/helping-th...s-debian-lenny
tp make enough entropy . i didn't try it my self

jpollard · 04-21-2013, 05:50 AM

urandom is not really a source of truly random numbers. It is a pseudorandom number generator that (as I understand it) starts from a seed from random, but if the entropy isn't there, it is purely a pseudorandom number generator with its own seed.

The tools you point to would use a hardware random number generator - if it is available. Otherwise it too is a pseudorandom number generator, just a different one.