Entropy Blocking

Bob Johnson fbsdlists at gmail.com
Tue Aug 9 21:35:56 GMT 2005

On 8/9/05, Kris Kennaway <kris at obsecurity.org> wrote:
> On Mon, Aug 08, 2005 at 04:30:12PM -0600, Danny MacMillan wrote:
> > On Mon, 08 Aug 2005 07:09:35 -0600, Wes Will <wes at farreaches.org> wrote:
> > 
> > >I guess nobody gives rat-rump about the entropy problem.
> > >
> > >Figures.
> > >
> > >--
> > >www
> > 
> > The people who know how to help you probably didn't read your original  
> > question, since it was posted under a very misleading subject line.  You 
> > may experience better results if you re-post your question with a more  
> > appropriate subject line (the one you used to start this thread wouldn't 
> > be a bad choice).
> And drop the bad attitude, even if you are feeling upset.  People are
> not likely to want to help you if you come across as grumpy.
> Kris
I second that.  I looked for the question and couldn't find it.  With
the clue that the subject line has absolutely nothing to do with the
question, I finally found it, and you had an attitude problem then,

Here's your original question, if I got the right one:

> The problem I am having starts with:
> "Entropy Device is Blocking"

That is not enough description to give most of us a decent chance at
guessing what you are talking about.  WHEN do you get the error
message?  What is the actual message?  Do you know what process issued
the message?  What version of FreeBSD are you using?

> Whose great idea was this one, anyway?  I'm all about security, believe me.
>  I have a Master's in IT, and my specialization was (you guessed it)

Hmm, I've got one of those Master's thingies around here somewhere. 
It's too old and worn out to be worth boasting about, though.  Got it
in 1986.

Reminds me of http://ars.userfriendly.org/cartoons/?id=20050609&mode=classic
(don't fail to go back and read the previous days, too).

> Information Security.  From all that book-larnin', one thing stands out.
> If you make SECURITY interfere with GETTING THE BLOODY JOB DONE, security
> will be the first thing tossed out the window.

Yep.  And when you treat the VOLUNTEERS that you are asking for help
with disdain, guess what then gets thrown out the window?  Hint: the
desire to help you.  Perhaps you should sign up for paid user support
from one of the fine vendors that provide that service.

> At boot, everything basically fails because of the lack of entropy.  I have

Everything fails?  You don't get any console output whatsoever to give
us a clue what's failing?  No log files?  Nothing more than "Entropy
Device is Blocking"?

> modified files to give various IRQ's for entropy generation.  I have read
> and searched (and had search engine failures), trying to find out more
> information on the problem and how to resolve it.  No luck thus far.

I suspect the reason you can't find information on the problem is that
it isn't a problem for the rest of us.  It sounds like you did
something unusual.

Did you use the "standard" install, or did you try to do something special?  

Which version of FreeBSD are you using?

> Can anyone give me the pointer to the piece of the fscking manual that
> tells me how to configure this beast to save a seed at shutdown and then
> use that seed file at startup instead of just dying and leaving me with a

It already does that.  At least, for me it does, right out of the box.
 Or CD drive, or whatever I got it out of.

Is there a file named "/entropy" on your system?  

What version of FreeBSD are you using?

> system that is half-booted, or failing that simple request, how to work
> "preseedrandom" into the system startup so that it will happen BEFORE
> entropy is required?

In addition to some addition context regarding when the error message
appears, and which version of FreeBSD you are using, the contents of
/etc/rc.conf and any other files you changed might be informative.  If
that's a long list, it might save time to reinstall the system from
scratch and then ask questions so we have some idea of what we are
working with.

- Bob

