PRNG Seed


on 01.07.2002 22:30:55 by Mike Barrett

--
I've been reading FAQs and mail archives for days, but I don't seem
to be making any progress. Please help.

I keep getting the following error:

[Mon Jul 01 15:52:33 2002] [info] Init: Initializing OpenSSL library
[Mon Jul 01 15:52:33 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Mon Jul 01 15:52:33 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Mon Jul 01 15:52:33 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Mon Jul 01 15:52:33 2002] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed


I have tried the following options for SSLRandomSeed with the same results:
#SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/usr/local/apache2/conf/rand.dat
#SSLRandomSeed connect file:/usr/local/apache2/conf/rand.dat
#SSLRandomSeed startup file:/dev/egd-pool 512
#SSLRandomSeed connect file:/dev/egd-pool 512
#SSLRandomSeed startup egd:/dev/egd-pool
#SSLRandomSeed connect egd:/dev/egd-pool
#SSLRandomSeed startup exec:/usr/local/ssl/bin/openssl rand 512
#SSLRandomSeed connect exec:/usr/local/ssl/bin/openssl rand 512
SSLRandomSeed startup exec:"/usr/local/ssl/bin/openssl rand 512"
SSLRandomSeed connect exec:"/usr/local/ssl/bin/openssl rand 512"


/usr/local/apache2/conf/rand.dat was created using
/usr/local/ssl/bin/openssl rand -out /usr/local/apache2/conf/rand.dat
512 (openssl-0.9.6d) and seems to be full of very random data.

The socket at /dev/egd-pool was created using
/usr/local/sbin/prngd /dev/egd-pool

It seems to me, with my limited experience, that many of these
methods should have worked to seed the random number generator with a
few bits of entropy. Is there any other directive that could affect
the error I'm getting?

I'd also appreciate it if someone could explain to me why openssl can
dump out reams of randomness when called from the command line, but
doesn't have enough entropy to create a temporary key when my apache
2.0.39 comes to call.

Thanks,

- Mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
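
A diagnostic sketch for the setup described in the post above, added here as an example and not part of the original message or of mod_ssl: it lists the active SSLRandomSeed lines, checks that each source path has the file type its prefix implies, and pulls the seeded byte count out of the log. The function names and the per-prefix checks are assumptions of this example; the sample lines are taken from the post, with the leading # removed on two of them, and the quoted exec:"..." form is not handled.

```python
import os
import re
import stat

# Sample input taken from the post (two directives un-commented for the check).
SAMPLE_CONF = """\
SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/egd-pool 512
SSLRandomSeed connect egd:/dev/egd-pool
"""
SAMPLE_LOG = "[Mon Jul 01 15:52:33 2002] [info] Init: Seeding PRNG with 0 bytes of entropy"

SEED_RE = re.compile(r"Seeding PRNG with (\d+) bytes of entropy")


def parse_seed_directives(conf_text):
    """Return (context, kind, path, nbytes) for each active SSLRandomSeed line."""
    found = []
    for line in conf_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0].lower() != "sslrandomseed":
            continue  # blank, commented out ("#SSLRandomSeed"), or another directive
        kind, _, path = tok[2].partition(":")
        nbytes = int(tok[3]) if len(tok) > 3 and tok[3].isdigit() else None
        found.append((tok[1], kind, path, nbytes))
    return found


def check_source(kind, path):
    """Return a problem description, or None if the source looks usable."""
    if kind == "builtin":
        return None
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return f"{kind}:{path}: cannot stat ({exc.strerror})"
    if kind == "egd" and not stat.S_ISSOCK(mode):
        return f"egd:{path}: not a Unix socket"
    if kind == "file" and stat.S_ISSOCK(mode):
        return f"file:{path}: is a socket and cannot be opened as a file"
    if kind == "file" and not os.access(path, os.R_OK):
        return f"file:{path}: not readable by this user"
    if kind == "exec" and not (stat.S_ISREG(mode) and os.access(path, os.X_OK)):
        return f"exec:{path}: not an executable file"
    return None


def seeded_bytes(log_text):
    """Byte counts reported by each 'Seeding PRNG' log line."""
    return [int(n) for n in SEED_RE.findall(log_text)]
```

Run the checks as the user the server starts under, since readability and execute permission depend on that account.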