Not enough random bytes available

by Carson Reynolds

As a periodic user of gpg (by way of emacs’s crypt++) I sometimes encounter the somewhat entertaining “Not enough random bytes available” message.

Suppose I want a new key and thus fire up gpg:

gpg --gen-key

After entering the usual information I come face to face with:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++
+++.+++++..+++++.++++++++++++++++++++..+++++++++++++++..+++++.++++++++++>+
++++...+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)

On first encounter with this dialog, I thought: “they are joking right?” But it turns out the key generator is not joking at all.

Depending on how many bits you chose for your key size, you might be waiting for quite some time (perhaps hours, maybe days). So I found myself asking: (1) how can I gain entropy, and (2) how much entropy is available?

On Linux at least, gpg uses /dev/random as a source of high quality random bits. Word on the street is that random gets its high quality bits by transforming interrupt events.

So on the first note (how to gain entropy) it seems like you can generate some interrupts by using the keyboard, disk, or network. A good way to do this is to use your computer (downloading and compiling are really good activities). Alternatively, you can install a user space entropy gathering system like EGD. Or, if you are really a key-generating addict, you can get some special hardware.

On the second note (how much entropy you are gaining), on Linux you can watch the entropy pool by observing the appropriate spot in the /proc filesystem:

watch cat /proc/sys/kernel/random/entropy_avail

When that number goes up, you are doing the right thing. Eventually, you will get some more ASCII noise indicating that gpg is making progress. Finally you should see something similar to:
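As an added example (not from the original post), here is a small POSIX shell script that turns gpg's "Need N more bytes" message and the entropy_avail counter into a single deficit figure and polls until the kernel pool covers the shortfall. It assumes Linux's /proc interface and the exact gpg wording shown above.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumes the Linux /proc interface; ENTROPY_FILE can be overridden for testing.
ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}

# Pull the byte count out of gpg's "(Need N more bytes)" message and convert it
# to bits, because entropy_avail is reported in bits. Prints 0 if no such message.
need_bits() {
    bytes=$(printf '%s\n' "$1" | sed -n 's/.*Need \([0-9][0-9]*\) more bytes.*/\1/p')
    echo $(( ${bytes:-0} * 8 ))
}

# Current pool level in bits, read from a file (default: the kernel's counter).
entropy_bits() {
    cat "${1:-$ENTROPY_FILE}" 2>/dev/null || echo 0
}

# Compare the pool against the requirement: prints 0 when the pool already
# covers it, otherwise the remaining deficit in bits.
deficit_bits() {
    need=$1
    have=$(entropy_bits "$2")
    if [ "$have" -ge "$need" ]; then echo 0; else echo $(( need - have )); fi
}

# Poll once a second until the pool covers what gpg asked for.
wait_for_entropy() {
    need=$(need_bits "$1")
    while :; do
        d=$(deficit_bits "$need")
        printf 'pool: %s bits, need: %s bits, short by: %s bits\n' \
            "$(entropy_bits)" "$need" "$d"
        [ "$d" -eq 0 ] && break
        sleep 1
    done
}

# Usage with the message from the post (Ctrl-C to stop early):
# wait_for_entropy "Not enough random bytes available.  Please do some other work to give
# the OS a chance to collect more entropy! (Need 283 more bytes)"
```

Note the factor of eight: gpg counts bytes while entropy_avail counts bits. On Linux 5.6 and later /dev/random no longer blocks once the pool has been seeded at boot, so this waiting game only applies to older kernels.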

+++++...++++++++++..++++++++++++++++++++..++++++++++.....+++++..++++++++++
++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++.+++++..+++++++++
+++++++++++.+++++...+++++.+++++++++++++++>+++++.+++++++++++++++++++++++++.
++++++++++.++++++++++>+++++...............>+++++.............+
++++.+++++..................+++++^^^^^^^^^

gpg: key 2BC5527E marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2008-08-27
pub   1024D/2BC5527E 2007-08-28 [expires: 2008-08-27]
      Key fingerprint = 1445 DE3C 3F54 CD3E BB48  3B1C 516D F284 2BC5 527E
uid                  Carson Reynolds 
sub   4096g/B4E02D04 2007-08-28 [expires: 2008-08-27]

Anyway, I hope if you encounter the “Not enough random bytes available.” message, you can use this post to figure out what it’s about and how to reduce your waiting time.
