[gentoo-user] Apache2 "generating secret" takes a long time

[gentoo-user] Apache2 "generating secret" takes a long time

[Grant]

Apache2 used to stop and start for me very quickly, but in the last
few days I've noticed it takes a very long time to start.  It seems to
be hanging on:

Digest: generating secret for digest authentication ...

although it does eventually move on and everything works fine.  Does
anyone know why this might have changed?  I update all packages on my
system daily so there may have been a package change that did it.
Here are all packages listed in /var/log/portage this month:

mysql
cscope
vixie-cron
jpeg
pax-utils
postfix
ssmtp
gmp
pycrypto
portage
gentoolkit
ncurses

Any ideas?

- Grant
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Apache2 "generating secret" takes a long time

[Bryan Ãstergaard]

On Fri, Jun 16, 2006 at 10:02:09AM -0700, Grant wrote:
> Apache2 used to stop and start for me very quickly, but in the last
> few days I've noticed it takes a very long time to start.  It seems to
> be hanging on:
> 
> Digest: generating secret for digest authentication ...
> 
> although it does eventually move on and everything works fine.  Does
> anyone know why this might have changed?  I update all packages on my
> system daily so there may have been a package change that did it.

You're running out of entropy so apache is waiting on /dev/random to
gain more entropy.

There's several different ways to fix this including:

1. Use a hardware RNG (random number generator), some chipsets provide
that but you need to enable support in the kernel.
2. emerge apr with USE=urandom. This makes apr use /dev/urandom instead
of /dev/random. urandom isn't as strong cryptographically speaking as
random but might be good enough for your use.
3. Disable digest authentication in the apache configuration.
4. Use some entropy gathering daemon like sys-apps/clrngd,
media-sound/sound-entropyd or media-video/video-entropyd.

Hope this helps.

Regards,
Bryan Østergaard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Apache2 "generating secret" takes a long time

[Grant]

> > Apache2 used to stop and start for me very quickly, but in the last
> > few days I've noticed it takes a very long time to start.  It seems to
> > be hanging on:
> >
> > Digest: generating secret for digest authentication ...
> >
> > although it does eventually move on and everything works fine.  Does
> > anyone know why this might have changed?  I update all packages on my
> > system daily so there may have been a package change that did it.
>
> You're running out of entropy so apache is waiting on /dev/random to
> gain more entropy.
>
> There's several different ways to fix this including:
>
> 1. Use a hardware RNG (random number generator), some chipsets provide
> that but you need to enable support in the kernel.
> 2. emerge apr with USE=urandom. This makes apr use /dev/urandom instead
> of /dev/random. urandom isn't as strong cryptographically speaking as
> random but might be good enough for your use.
> 3. Disable digest authentication in the apache configuration.
> 4. Use some entropy gathering daemon like sys-apps/clrngd,
> media-sound/sound-entropyd or media-video/video-entropyd.
>
> Hope this helps.
>
> Regards,
> Bryan Østergaard

Very nice.  Thanks Bryan.

- Grant

-- 
gentoo-user@gentoo.org mailing list