It takes me about 85 minutes to generate a 1024 bit key for dnssec.
I'd like to install a
random number generator to speed the process up. Do you have any
suggestions, recommendations or reviews that I might consider?

thanks,
-Marcus

On Sat, Aug 30, 2008 at 8:17 PM, Mark Andrews wrote:
>
>> On Sun, 31 Aug 2008 02:40:36 you wrote:
>> > > Hello all-
>> > >
>> > > The following command-
>> > >
>> > > /usr/local/sbin/dnssec-keygen -r /dev/random -f KSK -a RSASHA1 -b 1024 -n
>> > > ZON E
>> > > example.com
>> > >
>> > > stalls. The system is Slackware Linux 12.1 with kernel 2.6.23-11.
>> > >
>> > > Michael
>> >
>> > You need to cause the kernel to gather entropy. The way to
>> > do that is to make the kernel do work.
>> >
>> > e.g.
>> > ls -R /

>>
>> While this does increase the entropy to over 3,000, it still doesn't work (an
>> d
>> the entropy sinks within a few seconds anyway)

>
> When generating large keys I just keep running "ls -R /" until the
> key generation completes. You can also use the keyboard. Install
> a hardware random number generator and configure the kernel to use
> it (might require a OS change as I don't know if this is supported
> under Linux).
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
>
>




--
Marcus Morgan
UF/OIT/CNS/NS/S
marcus@ufl.edu