TLS failed, service in BUSY state, terminated abnormally
Henrique de Moraes Holschuh
hmh at debian.org
Mon Sep 6 22:13:36 EDT 2010
On Tue, 07 Sep 2010, Clement Hermann (nodens) wrote:
> I always use /dev/urandom if I don't have hardware RNG on a busy server,
> because availability is more important than protection against a very
> unlikely threat, and I did have some problem under heavy load.
If you have a HRNG properly feeding the Linux kernel with entropy,
/dev/urandom will operate in the exactly same way as /dev/random anyway.
Really, /dev/random is to be used ONLY when generating long-lived very
important data, such as long-lived keys.
> However, if I can, I prefer to use a hardware RNG, as it is really a
> breeze to use with rng-tools. It used to be available on any server x86
> motherboard, unfortunately it tends to be less frequent onboard
> nowadays... Actually, if you don't want to recompile cyrus but need to
> use /dev/urandom, you can use /dev/random with rng-tools using
> /dev/urandom as a random source instead of the RNG device.
Well, I can recommend this: http://www.entropykey.co.uk
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Info-cyrus
mailing list