# entropy? What has happened?

## eltech

Hello ...

Ok.. as per another thread .. I noticed that my apache wasn't presenting any pages, yet it was running. Never had any problems before so I did some searching. I found that something called entropy was at 0 and I needed to install clrngd to help create entropy. So I emerged the package and all is up and running, but today I noticed that apache was hanging again. I go to check logs and processes and notice that clrngd wasn't running and entropy was 0.

So I start it up and the entropy is raised to 1024 .. So now I'm running tail -f on logs and notice the output below.

```
Apr 17 16:21:24 [clrngd] FIPS test failed
                - Last output repeated twice -
Apr 17 16:23:37 [clrngd] Too many FIPS tests failed, apparently mainboard timers are too good or too few to provide real entropy
Apr 17 16:23:37 [clrngd] Exiting.
```

So the problem is I don't understand what the error means, but I know that eventually apache will stop presenting pages once entropy hits 0.

Anyone have an idea what may be wrong?

Regards,

Lenny

----------

## pigeon768

Entropy is the pool of random numbers for your system. Truly random numbers are available at /dev/random. Pseudo random numbers are available at /dev/urandom. Your problem is that /dev/random has run out.

It can be regenerated by mouse movements, keyboard inputs, and IDE interrupts. If you use the system as a regular desktop system, you shouldn't run out due to mouse/keyboard spam. IDE interrupts may or may not be sufficient, depending on how often your hard disks get accessed.

Another alternative is to use /dev/urandom instead of /dev/random, or to use EGD. Neither of these ever runs out of random numbers; /dev/urandom doesn't actually supply truly random numbers, just random-looking hashes, and I think EGD uses network traffic or something or other instead of keyboard/mouse traffic. I'm not particularly sure how to set either of these myself. It's set with apache's SSLRandomFile[PerConnection] directive, but that's all I know. Google for apache urandom or apache egd.

Or better yet, if you have an Intel 8xx or an AMD 76x based motherboard, in your kernel set Device Drivers -> Character Devices -> Intel/AMD/Via HW Random Number Generator support as a module. 'make modules modules_install' and modprobe hw_random. If it doesn't fail, you have a hardware random number generator. Now emerge rng-tools and add its init script to default. It should supply /dev/random with a supply of random goodness. But, it only works with certain motherboards and/or processors.

The lazy man's solution is to simply spam on the keyboard/mouse every now and then.

----------

## eltech

pigeon, thanks... sounds like I may have some work to do ..

I don't have the option in the kernel, but I can say that I noticed this problem since upgrading the kernel recently .. is this possible? something in the kernel?

Anyone else have any other solutions or know how to set up the urandom?

Thanks!

Lenny

----------

## eltech

Well .. I decided to take the time to tackle this and found the wiki

> **Not Enough Entropy**
>
> If Apache2
>
> * accepts connections
> * does not respond to clients
> * creates exactly one process
> * is not stopped by `/etc/init.d/apache2 stop`
>
> Check to see how much entropy is available using:
>
> `cat /proc/sys/kernel/random/entropy_avail`
>
> If little entropy (less than 100) is available, Apache2 is probably waiting for more so it can generate the secret for digest authentication (mod_auth_digest). To generate more entropy, just do something else for a little while. Grepping the kernel or emerging a package usually works well.
>
> The video-entropyd and audio-entropyd supply /dev/random with entropy gathered from your video and audio devices, respectively. If you have a hardware random number generator (RNG), you can emerge rng-tools and run rngd.
>
> If there's still a shortage of entropy, **you can enable the urandom USE flag and re-emerge APR and Apache2**. This makes APR use /dev/urandom, which falls back to a pseudorandom number generator when there isn't enough entropy. The program gets a number immediately, but it is cryptographically weaker. This is okay for some things (e.g. solitaire), but completely unacceptable for others (like PGP key generation).

So I did as it says .. and let's see what happens

Thanks

----------
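The check the wiki excerpt above describes, as an added example that is not part of the original thread: it classifies the kernel's entropy estimate against the wiki's figure of 100, lists any hardware RNG the kernel exposes, and finds the point where clrngd gave up in a log shaped like the one in the first post. The function names, the `hw_random` sysfs path and the log path argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are passed as arguments so each
# function can be run against constructed files as well as the live system.

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail
HWRNG_FILE=/sys/class/misc/hw_random/rng_available  # assumed: hw_random core loaded
THRESHOLD=100  # the wiki's "less than 100" figure

# entropy_status FILE THRESHOLD -> prints low, ok or unknown
entropy_status() {
    if [ ! -r "$1" ]; then echo unknown; return 0; fi
    bits=$(tr -d ' \n' < "$1")
    case $bits in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$bits" -lt "$2" ]; then echo low; else echo ok; fi ;;
    esac
}

# hwrng_names FILE -> prints the hardware RNGs the kernel lists, or nothing
hwrng_names() {
    if [ -r "$1" ]; then cat "$1"; fi
}

# clrngd_gave_up LOG -> prints the timestamp of the last "Too many FIPS tests
# failed" line that was followed by "Exiting.", or nothing
clrngd_gave_up() {
    awk '/\[clrngd\] Too many FIPS tests failed/ { t = $1 " " $2 " " $3 }
         /\[clrngd\] Exiting\./ && t != ""        { hit = t; t = "" }
         END { if (hit != "") print hit }' "$1"
}

# report [LOG] -> one-line summary suitable for cron or a monitoring probe
report() {
    echo "entropy=$(entropy_status "$ENTROPY_FILE" "$THRESHOLD")" \
         "hwrng=$(hwrng_names "$HWRNG_FILE" | tr '\n' ' ')" \
         "clrngd_exit=$( [ -n "${1:-}" ] && clrngd_gave_up "$1" )"
}

if [ "${1:-}" = "--report" ]; then report "${2:-}"; fi
```

On kernels from 5.6 onward `/dev/random` no longer blocks once the pool has been initialised, so the hang described in this thread is specific to older kernels.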

## eltech

BTW .. no problems since using this wiki ..

----------

## madCoder|GN

I wish I had found this sooner. This fixed my problem. A simple "emerge -s to" (or some other small phrase that will find a LOT of entries) is enough to generate entropy.

----------

## bunder

*madCoder|GN wrote:*

> I wish I had found this sooner. This fixed my problem. A simple "emerge -s to" (or some other small phrase that will find a LOT of entries) is enough to generate entropy.

`find /` is another good one for generating entropy.

----------

