On a server system without any hardware number generator it happens that /dev/random blocks because not enough entropy is available. The entropy for it is collected from keyboard, mouse and/or device interrupts. But on a server system with lots of memory and without any keyboard or mouse it happens that not enough entropy is available and the system blocks if anyone tries to access /dev/random. As one solution the software can access /dev/urandom instead, which is not as random as /dev/random, but 1. it doesn't block and the randomness of /dev/urandom is in most cases really enough. But to get all software using /dev/urandom instead, either that software has to be patched or /dev/random linked to /dev/urandom, which is of course not the best solution and also not easily possible with devfs installed. As there is the "rng-tools" package for using hardware number generators such as i8x0 or AMD hardware, this package can be used to obtain enough entropy for /dev/random - but unfortunately most of the motherboards out there don't serve these hardware components these days. Therefore the most decent solution for getting /dev/random non-blocking on server systems without a supported hardware generator is to use the rng-tools package with a patched /etc/init.d/rngd start() function in which the rng-daemon is used with /dev/urandom like this:

-- cut here --
start() {
    ebegin "Starting hardware RNG daemon"
    if [ -e /dev/hw_random ]; then
        start-stop-daemon --start --quiet --exec /usr/sbin/rngd -- -b -r /dev/hw_random
        eend $? "Failed to start hardware RNG daemon"
    elif [ -e /dev/hwrandom ]; then
        start-stop-daemon --start --quiet --exec /usr/sbin/rngd -- -b -r /dev/hwrandom
        eend $? "Failed to start hardware RNG daemon"
    elif [ -e /dev/i810_rng ]; then
        start-stop-daemon --start --quiet --exec /usr/sbin/rngd -- -b -r /dev/i810_rng
        eend $? "Failed to start hardware RNG daemon"
    else
        einfo "No hardware RNG found, using /dev/urandom"
        start-stop-daemon --start --quiet --exec /usr/sbin/rngd -- -b -r /dev/urandom
        eend $? "Failed to start hardware RNG daemon"
    fi
}
-- cut here --

This way /dev/random will be non-blocking on those systems and apache and/or libsasl don't have any problem in using /dev/random anymore if necessary.

Reproducible: Always

Steps to Reproduce:
1. call "head -c 1024 /dev/random" several times and see it blocking if the mouse/keyboard is not used
2. Imagine that you don't have a keyboard or mouse so that the entropy isn't enough
3. use the "rng-tools" and use the other start() method to get /dev/urandom used instead.

Actual Results: After the fix /dev/random isn't blocking anymore and apache and/or libsasl work like a charm without blocking in several other situations.

Expected Results: the rng-tools should start up the daemon with /dev/urandom as the input source if no hardware random generator device is found, and of course the "rng-tools" should be considered as being the default on a standard gentoo installation, or at least the documentation should cover that blocking system and inform the user about the alternative in using the "rng-tools" package. Please check apache and/or the MD5 routines in libsasl as they are using /dev/random and are therefore blocking if the entropy is too low. And there are probably a dozen other tools/utilities/programs out there using /dev/random and blocking if it doesn't have enough random data left.
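The script below is an added example, not code from the bug report, the Gentoo init script or the rng-tools package. It generalizes the if/elif chain of the posted start() function into an ordered candidate list and adds a check of the kernel's entropy estimate, so an admin can confirm that a hang really is /dev/random starving before reaching for rngd. The function names pick_rng_source, entropy_avail, entropy_low and rngd_args, the script name rng-source.sh and the 128-bit threshold are assumptions. One caveat worth keeping in mind: rngd -r /dev/urandom feeds the kernel's own output back into its pool and credits it as fresh entropy, so it stops the blocking but does not add any entropy the kernel did not already have.

```shell
#!/bin/sh
# Added example (not from the bug report or rng-tools). Function names,
# the script name rng-source.sh and the 128-bit threshold are assumptions.

# Print the first existing candidate device; fall back to /dev/urandom.
# Arguments: candidate device paths in preference order (the same order
# as the posted start() function when called with its three devices).
pick_rng_source() {
    for dev in "$@"; do
        if [ -e "$dev" ]; then
            printf '%s\n' "$dev"
            return 0
        fi
    done
    printf '%s\n' /dev/urandom
    return 1   # non-zero means "no hardware RNG, using the fallback"
}

# Print the kernel's current entropy estimate in bits. The file path is a
# parameter (default /proc/sys/kernel/random/entropy_avail) so the function
# can also be exercised against a constructed file.
entropy_avail() {
    file="${1:-/proc/sys/kernel/random/entropy_avail}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    tr -dc '0-9' < "$file"
    echo
}

# Succeed when the pool is below a threshold (default 128 bits), i.e. when
# a reader of /dev/random on this kernel generation would be expected to block.
entropy_low() {
    threshold="${2:-128}"
    avail=$(entropy_avail "$1") || return 2
    [ "$avail" -lt "$threshold" ]
}

# Build the rngd argument list for a source, mirroring the init script:
# -b daemonises, -r names the input device.
rngd_args() {
    printf '%s -r %s\n' -b "$1"
}

# When run directly as rng-source.sh, show the decision the init script would make.
if [ "${0##*/}" = "rng-source.sh" ]; then
    src=$(pick_rng_source /dev/hw_random /dev/hwrandom /dev/i810_rng) \
        || echo "No hardware RNG found, using /dev/urandom (no new entropy is added)" >&2
    echo "rngd $(rngd_args "$src")"
    if entropy_low; then
        echo "entropy_avail below 128 bits: /dev/random readers may block"
    else
        echo "entropy_avail: $(entropy_avail)"
    fi
fi
```

Watching entropy_avail while running the reporter's "head -c 1024 /dev/random" test is the quickest way to tell a starved pool apart from an unrelated hang; pick_rng_source only decides what rngd reads, it does not change what that choice means for entropy quality.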
the kernel also collects entropy from disk/network timing, and in many cases this provides more than enough entropy. however I do think using rngd to do a feedback input definitely has a place (/me recalls too many people reporting the blocking for input bugs...)
in cvs now.
Just as an addition. IMHO this topic should also be raised in the Installation Handbook of gentoo linux, as configuring/using the RNG tools correctly is a very important part of the installation and this could lead to many different problems if one doesn't know that /dev/random is the cause for all his/her hangs. And please explain what exactly you changed in the cvs now concerning the rng-tools? As I really think they should be included in each default installation. Believe me, I have 2 servers here which ran out of entropy because they have heaps of memory, so lots of disk access is cached anyway. It is really easy to reproduce that /dev/random blocks, so using a hardware random generator or the rng daemon on gentoo is a mandatory thing.