[arch-general] cannot generate enough entropy for pacman-key --init

Thomas S Hatch thatch45 at gmail.com
Sat Oct 15 12:18:34 EDT 2011

On Sat, Oct 15, 2011 at 9:56 AM, Alper Kanat <tunix at raptiye.org> wrote:

> Hey There,
> I have an Arch Linux box inside Virtualbox on a Mac that I use for
> development purposes. I connect to this machine via SSH without any visual
> interface. It's on [testing] and just upgraded to pacman 4.0 and after
> installation it asked me to run pacman-key --init to generate the necessary
> keys for my system. I did all of these inside GNU Screen (also tried
> without
> it without any luck):
> $ sudo pacman-key --init
> gpg: Generating pacman keychain master key...
> Not enough random bytes available.  Please do some other work to give
> the OS a chance to collect more entropy! (Need 300 more bytes)
> I pressed random bits with the keyboard but it didn't work so I fired up
> another window inside screen and did cat /dev/urandom > /dev/null but that
> also didn't work. So I found this [1] article and tried it again without
> any
> luck.
> So I'm basically stuck here. Can someone please help me? Since pacman is
> bricked, I can't also install anything. Now I have to manually downgrade
> pacman if I can't succeed.
> Thanks!
> [1] http://www.thingy-ma-jig.co.uk/blog/22-01-2010/generate-entropy-gnupg
> ---
> Quis custodiet ipsos custodes?

This behavior is due to the use of /dev/random by the gpg backend. On Linux
systems there are two random data generators. urandom takes a random seed
from random and generates infinite pseudo random data.

the random interface only returns data based on entropy and therefore does
not generate pseudo random data, only truly random data. But the entropy
inputs through the Linux kernel is not infinite, so it will run out and the
random kernel interface will block waiting for new entropy to be generated.

GPG uses random over urandom because it returns better source random data,
and therefore creates a more secure key pair. The best way to overcome the
blocking of the random interface is to generate more entropy for the kernel
to send to the random kernel interface, aka - move the mouse around, it
might take a few minutes.

More information about the arch-general mailing list