[onerng talk] Blinking LED
Paul Campbell
paul at taniwha.com
Thu Jun 18 01:37:43 BST 2015
On Thu, 18 Jun 2015 09:58:19 James Cameron wrote:
> Jun 18 09:40:53 esk rngd: too many FIPS failures, disabling entropy source
> Jun 18 09:40:53 esk rngd: No entropy sources working, exiting rngd
This is interesting, you're the second person to report this ... rngd uses the
FIPS stuff wrongly - for a good-enough random source the FIPS test reports
some false negatives (you can see this running rngtest on OneRNG). This is
normal, sometimes a random stream has data that doesn't look random even
though it is - we get less than one false negative per 1000 tests, which is
considered OK.

The problem with rngd is that it accumulates these errors (rather than looking
at long term failure rates and shutting down if the rates are too low) and when
it sees too many it shuts down.

We've talked about creating an option that runs OneRNG data through OpenSSL
AES (with a fixed key) to further whiten the incoming data - you might want to
try this and see if it solves your problem.
Paul
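
The difference between a lifetime failure counter and a failure-rate check, as an added example that is not part of the original message and is not rngd's code. The threshold of 25, the 5000-block window and both pass/fail streams are assumptions constructed for illustration.

```python
from collections import deque

def cumulative_cutoff(results, max_failures):
    """Lifetime counter: failures are never forgiven.
    Returns the block index at which the source is disabled, else None."""
    failures = 0
    for i, passed in enumerate(results):
        if not passed:
            failures += 1
            if failures >= max_failures:
                return i
    return None

def windowed_cutoff(results, window, max_bad):
    """Rate check: disable only when more than max_bad of the most
    recent `window` blocks failed. Returns the block index, else None."""
    recent = deque()
    bad = 0
    for i, passed in enumerate(results):
        recent.append(passed)
        bad += not passed
        if len(recent) > window:
            bad -= not recent.popleft()
        if bad > max_bad:
            return i
    return None

# Constructed pass/fail streams, one entry per 20000-bit FIPS block.
# HEALTHY: one spurious failure every 1250 blocks (under 1 per 1000).
HEALTHY = [i % 1250 != 1249 for i in range(100_000)]
# BROKEN: fine for 10000 blocks, then every block fails.
BROKEN = [True] * 10_000 + [False] * 1_000

MAX_FAILURES = 25   # assumed threshold, chosen for illustration
WINDOW = 5_000      # assumed window size, chosen for illustration

if __name__ == "__main__":
    for name, stream in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name,
              "cumulative:", cumulative_cutoff(stream, MAX_FAILURES),
              "windowed:", windowed_cutoff(stream, WINDOW, MAX_FAILURES))
```

With these constructed streams the lifetime counter disables the healthy source once its 25th spurious failure arrives, while the windowed check never trips on it; both disable the broken source within about 25 blocks of the fault.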