I don't know if it's related but:
openssl dhparam -out dhparam.pem 4096
was taking forever on amazon and was certainly faster on bitfolk.
Worth to check with/without entropy generators.
On Fri, Mar 18, 2016 at 1:46 PM, Andy Smith <andy@???> wrote:
> Hi Robert,
>
> On Fri, Mar 18, 2016 at 05:37:22PM +0000, Robert Gauld wrote:
> > I wrote a simple script to log available entropy every 10 seconds and ran
> > it for 36 hours. I had a maximum of 2043 and a minimum of 132, the graph
> > being quite erratic.
> >
> > I suppose the question really is what's a sensible minimum level to be
> > happy?
>
> Not really; a key argument of the article
> (http://www.2uo.de/myths-about-urandom/) is that measurements of
> available entropy are meaningless, because (a) there is really no way to
> know, and (b) the CSPRNG behind /dev/urandom can always provide you
> more and you should be using that.
>
> *Anything* that is reading from /dev/random is a concern because it
> could potentially block.
>
> So far it seems we are not finding anything now that uses
> /dev/random, although I suspect that gpg may well still do so when
> generating a new key. I haven't tested that yet.
>
> It's looking like the entropy service wiki article at the very least
> needs rewriting to stress:
>
> - urandom is good enough; try to make your software use that
>
> - don't configure this just because you measure a low entropy pool,
> do check exactly what software is blocking on /dev/random
>
> - let us know what software that is
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEAREDAAYFAlbsPv4ACgkQIJm2TL8VSQuHwQCgyDT2rpmPyfgliTmRfZhde7kn
> Qe8AnjxS1meNgk0+CqhUki43RE93Wq7v
> =surv
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
>
