dnssec-keygen slowness

Hi!

I am generating the following key with dnssec-keygen (CentOS, 32-bit):

dnssec-keygen -a HMAC-MD5 -b 256 -n HOST mykey

Having tested this throughout the day: most of the time it takes many minutes, but every once in a while the key is created immediately.

Is this time lag expected from a Cloud service like Linode?

Thanks!

5 Replies

Sounds to me like you're running out of entropy.

Run this …

watch -n1 cat /proc/sys/kernel/random/entropy_avail

… while you attempt your keygen.

-Chris

> watch -n1 cat /proc/sys/kernel/random/entropy_avail

Goes from 128 - 191 while NOT running keygen.

Goes from 6 - 59 while running keygen.

On my colocated server I see that it is over 3500 when not running keygen.

So are these numbers typical for the smallest Linode?

Are the numbers affected by the processing power of the given node, or the cloud setup itself?

Thanks! :)

Entropy comes from "random" events (like keyboard and mouse events) that the kernel uses to stir up the random generator sequence. On a server, there is very little randomness available to the kernel, and on a VPS it is even worse.

Most people just switch things to use /dev/urandom so that the key generation won't wait for "high quality" randomness. Otherwise you just need to wait it out or generate your keys somewhere besides your linode.

I believe adding "-r /dev/urandom" would solve your problem, as would "-r keyboard" (which will get the random entropy from your keyboard input).

Personally, I'd use /dev/urandom and move on.
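For readers who want the same result without dnssec-keygen at all, the following added example (not code from this thread or from BIND) does by hand what the `-r /dev/urandom` suggestion above does inside dnssec-keygen: it draws the 256-bit HMAC secret from the kernel's non-blocking pool and renders it as a named.conf `key` statement in the layout BIND accepts for TSIG keys. It also reads `/proc/sys/kernel/random/entropy_avail`, the value Chris asked to watch, and treats a missing file as "unknown" rather than failing, since that path is Linux-specific. The key name "mykey" and the 256-bit size come from the original post; the `hmac-md5` default mirrors the thread, though BIND also accepts `hmac-sha256`, which is the better choice for new keys.

```python
"""Generate a TSIG/HMAC secret without blocking on /dev/random.

Added example, not from the Linode thread or from BIND. It produces the
secret that `dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST mykey`
would produce (32 random bytes, base64) and wraps it in a named.conf `key`
statement. The key name "mykey" is the one used in the thread.
"""
import base64
import secrets
from typing import Optional

# The file the thread polls with `watch -n1 cat ...` (Linux only).
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def read_entropy_avail(path: str = ENTROPY_AVAIL) -> Optional[int]:
    """Return the kernel's entropy estimate, or None if it cannot be read.

    Small values (tens to low hundreds) on a VPS are normal. Only readers of
    /dev/random wait on this number; /dev/urandom never does.
    """
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def make_tsig_secret(bits: int = 256) -> str:
    """Return a base64-encoded HMAC secret of `bits` bits.

    secrets.token_bytes() reads os.urandom(), i.e. /dev/urandom on Linux, so
    this returns immediately regardless of entropy_avail. That is what the
    `-r /dev/urandom` flag in the thread switches dnssec-keygen to.
    """
    if bits <= 0 or bits % 8:
        raise ValueError("key size must be a positive whole number of bytes")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def tsig_key_statement(name: str, algorithm: str = "hmac-md5",
                       bits: int = 256) -> str:
    """Render a named.conf `key` statement for a freshly generated secret.

    `algorithm` is passed through as BIND spells it (hmac-md5, hmac-sha256,
    ...); the thread uses hmac-md5, but hmac-sha256 is preferred for new keys.
    """
    secret = make_tsig_secret(bits)
    return (
        f'key "{name}" {{\n'
        f"    algorithm {algorithm};\n"
        f'    secret "{secret}";\n'
        "};\n"
    )


def secret_bytes(statement: str) -> bytes:
    """Extract and decode the secret from a `key` statement (for checking)."""
    for line in statement.splitlines():
        line = line.strip()
        if line.startswith("secret "):
            return base64.b64decode(line.split('"')[1])
    raise ValueError("no secret line found")


if __name__ == "__main__":
    avail = read_entropy_avail()
    print("entropy_avail:", "unknown" if avail is None else avail)
    stmt = tsig_key_statement("mykey")
    print(stmt)
    print("secret length (bytes):", len(secret_bytes(stmt)))
```

The generated statement can be dropped into named.conf as-is; a 256-bit secret decodes to exactly 32 bytes, which `secret_bytes` lets you confirm before deploying the key.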

Choosing /dev/urandom is instantaneous; I will keep that in mind next time:

./dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST mykey

By now I have gotten a random-based key, but thanks to all for the feedback. Good to learn something new! :-)
