Hello,
I am running Linux 2.4.26 on a PC/104 board with an AMD SC520 CPU (i486 compatible). I'm doing some HTTPS secure connection experiments with the Sun JVM 1.4.2. The problem is that the VM needs a random source of data to generate temporary SSL keys. To do so, it reads from /dev/random. However, at some point, the process blocks forever because /dev/random doesn't have enough entropy. I've runned strace and saw the actual read() system call being block when reading from /dev/random. If I kill the process, I can't even read a single /dev/random byte using dd.
This is an embedded system; so there's not a lot of stuff going on to generate enough entropy. A read somewhere that you can save/restore the entropy pool across reboots. In my case, this can't apply because the user won't have to option to do a clean shutdown. The user can only do a power cycle.
I tought about linking /dev/random to /dev/urandom (I know this is less secure) which doesn't block when out of random bits (it will generate pseudo random number then) but I can't do that as I'm using devfs for /dev. Even root cannot remove /dev/random when using devfs.
One could use a A/D converter and use the LSB bits from a random signal to feed /dev/random (amplified power line noise??) but I got no A/D on that board.
On my Linux PC dev box and Windows box, my test software runs fine because enough entropy is available. Is there some kind of patch or an alternative kernel random number generator that could solve this problem ? Any ideas ??
Thanks a lot,
Simon Paradis
--------------- IDS Micronet