I'm looking for the method used by EJBCA to generate the private keys in general (CA, Sub-Ca, certificates...).
Let say for instance you want RSA 2048 key size. Is the generation process all done in EJBCA application ? Do they rely on Java EE-based application server random generation (in my case Jboss) ? Is there a link somewhere with the locally implemented random number generation, so for instance on Linux /dev/(u)random ?
What is the level of entropy, and do they guaranty one ?
I have openresty set up on a server (nginx bundle which includes the lua module) and I'm trying to create a script which has specific odds of setting a cookie on a user's browser. My code looks like this:
location =/index.php {
set $random_num 0;
rewrite_by_lua '
marth.randomseed(1);
nvx.var.random_num = math.random(0,3);
';
add_header Set-Cookie "random_num=$random_num; path=/; domain=...com;";
}
I know my random seed function isn't actually very random, but I figured I'd deal with that later. At the moment I'm just trying to get nginx to set a random number, but doing so yields this error:
2012/07/11 11:27:20 [error] 5492#0: *44 lua handler aborted: runtime error: [string "rewrite_by_lua"]:3: attempt to ind
ex global 'marth' (a nil value)
stack traceback:
Can anyone tell me what I'm doing wrong, and if there's any other way to get a random number in nginx?
Apparently, /dev/random is based on hardware interrupts or similar unpredictable aspects of physical hardware. Since virtual machines don't have physical hardware, running cat /dev/random within a virtual machine produces nothing. I'm using Ubuntu Server 11.04 as the host and guest, with libvirt/KVM.
I need to set-up Kerberos inside a VM, but krb5_newrealm just hangs forever "Loading random data", since the system isn't producing any.
Does anyone know how to work around this? Is is possible to pass the host's /dev/random (which is very chatty) into the vm so the vm can use it's random data?
I've read that there are some software alternatives, but they aren't good for cryptology since they aren't random enough.
EDIT: It appears that cat /dev/random on the vm does produce output, just very, very slowly. I got my realm set-up by waiting about two hours while it was "Loading random data". Eventually it got enough to continue. I'm still interested in a way to accelerate this though.
read /dev/urandom 3
The above is not working..How can I read random bytes from /dev/urandom in bash?
Having just configured Munin for statistics logging on my gentoo server (hardened profile), I am noticing that my "Available entropy" is consitently in the 200-300 range. This seems way to low, so I checked it manually using the command
$ cat /proc/sys/kernel/random/entropy_avail
3544
Odd. Consistently very low values in Munin and practically filled up when checking manually. After thinking about the problem for a while I came to the conclusion that the problem is probably that I'm using Adress Space Layout Randomization which is using the entropy when running commands/programs. Since Munin runs a whole slew of programs all the entropy is used up, and Munin then measures how much entropy there is, resulting in the low values.
Does anyone have any experience with this? How can this be avoided?