Not enough random bytes available
by Carson Reynolds
Suppose I am wanting a new key and thusly fire up gpg:
After entering the usual information I come face to face with:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++
+++.+++++..+++++.++++++++++++++++++++..+++++++++++++++..+++++.++++++++++>+
++++...+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)
On first encounter with this dialog, I thought: “they are joking, right?” But it turns out the key generator is not joking at all.
Depending on how many bits you chose for your key size, you might be waiting for quite some time (perhaps hours, maybe days). So I found myself asking (1) how can I gain entropy, and (2) how much entropy is available.
On Linux at least, gpg uses /dev/random as a source of high-quality random bits. Word on the street is that /dev/random gets its high-quality bits by transforming interrupt events.
So on the first note (how to gain entropy) it seems like you can generate some interrupts by using the keyboard, disk, or network. A good way to do this is to use your computer (downloading and compiling are really good activities). Alternatively, you can install a user space entropy gathering system like EGD. Or, if you are really a key-generating addict, you can get some special hardware.
On the second note (how much entropy you are gaining), on Linux you can watch the entropy pool by observing the appropriate spot in the /proc filesystem:
watch cat /proc/sys/kernel/random/entropy_avail
When that number goes up, you are doing the right thing. Eventually, you will get some more ASCII noise indicating that gpg is making progress. Finally, you should see something similar to:
+++++...++++++++++..++++++++++++++++++++..++++++++++.....+++++..++++++++++
++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++.+++++..+++++++++
+++++++++++.+++++...+++++.+++++++++++++++>+++++.+++++++++++++++++++++++++.
++++++++++.++++++++++>+++++...............>+++++.............+
++++.+++++..................+++++^^^^^^^^^
gpg: key 2BC5527E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2008-08-27
pub 1024D/2BC5527E 2007-08-28 [expires: 2008-08-27]
Key fingerprint = 1445 DE3C 3F54 CD3E BB48 3B1C 516D F284 2BC5 527E
uid Carson Reynolds
sub 4096g/B4E02D04 2007-08-28 [expires: 2008-08-27]
Anyway, I hope if you encounter the “Not enough random bytes available.” message, you can use this post to figure out what it’s about and how to reduce your waiting time.
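To put a number on "how much entropy are you gaining", the script below samples entropy_avail and turns the growth rate into a rough wait estimate for gpg's "Need N more bytes" message. It is an added example, not part of the original post; the function names, the POOL_FILE variable and the assumption that gpg consumes about 8 pool bits per byte are mine.

```shell
#!/bin/sh
# Added example (not from the original post): estimate the wait for gpg's
# "Need N more bytes" from how fast the kernel's entropy estimate grows.
# Assumption: entropy_avail is in bits and gpg consumes about 8 bits per byte.
POOL_FILE="${POOL_FILE:-/proc/sys/kernel/random/entropy_avail}"

# summarize SAMPLE... -> "<gained> <drained>" (bits). Rises are new entropy;
# drops are readers such as gpg draining the pool between samples.
summarize() {
    gained=0; drained=0; prev=$1; shift
    for cur in "$@"; do
        delta=$(( cur - prev ))
        if [ "$delta" -gt 0 ]; then
            gained=$(( gained + delta ))
        else
            drained=$(( drained - delta ))
        fi
        prev=$cur
    done
    echo "$gained $drained"
}

# eta_seconds NEED_BYTES GAINED_BITS ELAPSED_SECS -> seconds (rounded up),
# or "stalled" when the pool did not grow during the sampling window.
eta_seconds() {
    need_bits=$(( $1 * 8 ))
    if [ "$2" -le 0 ]; then echo stalled; return 0; fi
    echo $(( (need_bits * $3 + $2 - 1) / $2 ))
}

# monitor NEED_BYTES [INTERVAL_SECS] [COUNT]: sample the pool and report.
monitor() {
    need=$1; interval=${2:-1}; count=${3:-10}; samples=""; i=0
    while [ "$i" -le "$count" ]; do
        samples="$samples $(cat "$POOL_FILE")"
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
        i=$(( i + 1 ))
    done
    elapsed=$(( interval * count ))
    set -- $(summarize $samples)
    echo "gained $1 bits, drained $2 bits in ${elapsed}s"
    echo "wait for $need bytes: $(eta_seconds "$need" "$1" "$elapsed")"
}

# Run only when arguments are given, e.g.: sh entropy-eta.sh 283 1 10
if [ "$#" -gt 0 ]; then monitor "$@"; fi
```

Only the rises between samples are counted, since a blocked gpg drains the pool as fast as it fills and the raw level would otherwise look flat. On kernels 5.18 and later entropy_avail stays fixed at 256, so a "stalled" result there does not indicate starvation.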