Not enough random bytes available
by Carson Reynolds
As a periodic user of gpg (by way of emacs’s crypt++) I sometimes encounter the somewhat entertaining “Not enough random bytes available” message.
Suppose I want a new key and so fire up gpg:
gpg --gen-key
After entering the usual information I come face to face with:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++
+++.+++++..+++++.++++++++++++++++++++..+++++++++++++++..+++++.++++++++++>+
++++...+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)
On first encounter with this dialog, I thought: “they are joking right?” But it turns out the key generator is not joking at all.
Depending on how many bits you chose for your keysize, you might be waiting for quite some time (perhaps hours, maybe days). So I found myself asking (1) how can I gain entropy, and (2) how much entropy is available.
On Linux at least, gpg uses /dev/random as a source of high-quality random bits. Word on the street is that /dev/random gets its high-quality bits by transforming interrupt events.
So on the first note (how to gain entropy) it seems like you can generate some interrupts by using the keyboard, disk, or network. A good way to do this is to use your computer (downloading and compiling are really good activities). Alternatively, you can install a user space entropy gathering system like EGD. Or, if you are really a key-generating addict, you can get some special hardware.
On the second note (how much entropy you are gaining), on Linux you can watch the entropy pool by observing the appropriate spot in the /proc filesystem:
watch cat /proc/sys/kernel/random/entropy_avail
When that number goes up, you are doing the right thing. Eventually, you will get some more ascii noise indicating that gpg is making progress. Finally you should see something similar to:
+++++...++++++++++..++++++++++++++++++++..++++++++++.....+++++..++++++++++
++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++.+++++..+++++++++
+++++++++++.+++++...+++++.+++++++++++++++>+++++.+++++++++++++++++++++++++.
++++++++++.++++++++++>+++++...............>+++++.............+
++++.+++++..................+++++^^^^^^^^^
gpg: key 2BC5527E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2008-08-27
pub 1024D/2BC5527E 2007-08-28 [expires: 2008-08-27]
Key fingerprint = 1445 DE3C 3F54 CD3E BB48 3B1C 516D F284 2BC5 527E
uid Carson Reynolds
sub 4096g/B4E02D04 2007-08-28 [expires: 2008-08-27]
Anyway, I hope if you encounter the “Not enough random bytes available.” message, you can use this post to figure out what it’s about and how to reduce your waiting time.
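The two numbers above use different units: gpg's message counts bytes, while entropy_avail is reported in bits. The shell functions below are an added example, not part of the original post; the names needed_bits, pool_bits and wait_for_pool and the ENTROPY_FILE override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: relate gpg's "Need N more bytes" to the kernel entropy pool.
# ENTROPY_FILE can be overridden so the functions can be tried on a sample file.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Extract N from a gpg "(Need N more bytes)" line and print it in bits.
# Returns non-zero if the message carries no such count.
needed_bits() {
    n=$(printf '%s\n' "$1" |
        sed -n 's/.*Need \([0-9][0-9]*\) more bytes.*/\1/p' | head -n 1)
    [ -n "$n" ] || return 1
    echo $((n * 8))
}

# Print the current pool estimate (the kernel reports it in bits).
# Returns non-zero if the file is unreadable or not a plain number.
pool_bits() {
    bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    echo "$bits"
}

# Poll the pool until it holds at least $1 bits. Gives up after $2 polls,
# $3 seconds apart (default 1). Prints each reading.
# Returns 0 when the target is reached, 1 on timeout, 2 on a read error.
wait_for_pool() {
    target=$1 tries=$2 delay=${3:-1}
    while [ "$tries" -gt 0 ]; do
        now=$(pool_bits) || return 2
        echo "entropy_avail=$now target=$target"
        [ "$now" -ge "$target" ] && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$delay"
    done
    return 1
}

# Constructed sample: the shortfall message quoted in the post above.
SAMPLE_MSG='Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 283 more bytes)'

echo "gpg is still short by $(needed_bits "$SAMPLE_MSG") bits"
```

To use it while generating load in another terminal, call something like wait_for_pool "$(needed_bits "$SAMPLE_MSG")" 60 and watch the readings climb.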
Hmm I keep typing and typing words into the screen… till my shell hangs. I can’t use my mouse as well… unlike Windows ver of gpg.
Anyway, other ways to generate more activity? Do you use a separate shell to gen more tasks?
Just open browser, and search for this issue. This was already enough to get my key generation finished.
To gen entropy do a simple “ls -R /” … will get your entropy up. I had to do this while compiling a linux kernel and it drove me nuts waiting… So I found this :))
I managed to fix mine with “apt-get source openssh-server”. I also tried using “dd if=/dev/sda of=/dev/null” though it didn’t have much of an effect.
ls -R / solved it for me 😛
I loaded a large MySQL database a couple times and that worked!
Nice article! You can also increase entropy ratio by using the guchaos command (available on http://vladz.devzero.fr/soft/GUChaos.c.html). It retrieves random bytes securely from random.org and adds them to your system.
+1 for ls -R /
This worked for me as well! Thanks for the tip!
Thanks a lot.
ls -R / really works
Yep, confirmed “ls -R /” did it for me as well. This was on a remote Linux server with only command line/no X. I had been waiting for ~15 minutes the first go around running a “while [[ 1 ]]; do echo "$RANDOM" >> /tmp/output_random_data; done” and downloading an ISO. I stopped gpg --gen-key and ran into this article. The recursive ls command generated enough entropy for gpg within 30 seconds …
Had to run it several times, but yes, worked for me too. Thanks a lot!
yup… ls -R / works
Thanks for the tips, it is indeed a bit of a challenge to get this rolling via a SSH connection.
What finally did it for me was running “sudo tcpdump” for a while.
ls -R/ is not working in my case. Please suggest some other option. Is a lower entropy level good, or should it be high? I am not much aware about it.