woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
New website running out of entropy, VERY VERY slow /dev/random
This is a completely non-chemistry topic, but I am quite sure there are some people over here who can help me with this.
I am in the process of extending my website (see my signnature for the current website) and I want to add dynamic contents to it (such as an online
chemical equation solver, a molar ratio calculator and a database with lots of info about reactions and chemicals). For this purpose I want to use a
servlet container, allowing me to write a lot of nice dynamic stuff. I want to use Tomcat 5.5.27 (http://tomcat.apache.org), combined with native APR for added performance. Tomcat 5.x implements the JSR154 servlet spec (Servlet API 2.4).
Tomcat uses the device /dev/random for obtaining true random numbers, but as the website is on a server, there hardly is any entropy generation from
physical interaction and after a while, Tomcat gets VERY VERY slow. Starting up the HTTPS adapter may take more than 30 minutes   . If I have the
system running for many hours, without using Tomcat, then I again have collected sufficient entropy for a while, but soon the system runs out of
entropy again.
My idea is to remove the /dev/random device and make a new one using mknod to create a character device which has the same minor number and major
number as /dev/urandom. The latter switches to some pseudo-random number generation algorithm, when it runs out of entropy and so this device never
blocks on reading.
My question is, is this safe to do or might there be something screwed up in the system if I do so? I am not sure what happens if processes are
reading from my patched /dev/random and /dev/urandom at the same time.
I do not really care for the loss of security, my only concern is that the system may become less stable if two devices are associated with the same
major/minor combination. I tried it, and it seems to work, but I do not have any idea about long-term stability. My new webserver should run
unattended for weeks or months and I do not want to have to reboot it frequently because of crappy device behavior.
[Edited on 9-10-08 by woelen]
|
|
|
pantone159
National Hazard
Posts: 590
Registered: 27-6-2006
Location: Austin, TX, USA
Member Is Offline
Mood: desperate for shade
|
|
This is not really answering your questions, as I don't know anything about the random device properties... But some comments on random number
generators...
http://www.fourmilab.ch/hotbits/
HotBits is an internet accessible source of physically random numbers, generated by timing radioactive decay.
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
http://en.wikipedia.org/wiki/Mersenne_Twister
The Mersenne Twister is a pseudo-random number generator that seems to have excellent statistical properties and an extremely long period.
|
|
|
woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
I already solved the problem. I just exchanged /dev/urandom and /dev/random:
rm -f /dev/urandom /dev/random
mknod /dev/random c 1 9
mknod /dev/urandom c 1 8
This is not a general solution, but as my system is running Tomcat and nothing else, this is not a problem at all. The quality of /dev/urandom numbers
is well beyond what is needed for my webserver.
The new webserver will run on a PII, 300 MHz with 160 MByte of RAM.
|
|
|
woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
The renewed website unfortunately will have to wait a little longer. The old laptop, which was intented to be used as server has died. I tried to
remove everything not necessary for operating it as a server (keeping power consumption as low as possible), but in the process of doing so, the
entire mainboard is damaged and it does not boot anymore Just a dimly lit grey
screen when it is powered on and nothing more In no way can it be repaired, it is
good for the junk-yard...
The old laptop was not that good anyway, so I'll try to find another one, possibly a little more fast and with a little more memory. The experience I
have in installing the software and getting Tomcat running is a good thing on its own and will be useful in a next attempt.
[Edited on 11-10-08 by woelen]
|
|
|
woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
I now have another laptop (for free!). It is an old Acer Aspire, series 1350 (actually, a 1352XC) with a dead battery. Today I purchased 1 GByte of
memory for this thing and this will be the new host for my website, running Ubuntu 8.04.1, server edition. Total cost of the project: EUR 32 for the
memory + a lot of time.
I am running the CPU at only 800 MHz, while it is intended to run at 1800 MHz. I also switch off completely the screen (dbetool dpms off). Doing these
two things keeps the system really cool and total power usage drops from 60 Watt to 20 Watt.
So, in the next few days you may experience some down-time of my website, but I hope to have it running on the new hardware by the end of the week.
Lateron, I'll add all kinds of dynamic content, when deploying a real web-application with Tomcat.
|
|
|
woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
Another step in the upgrade of my website. The line has just been upgraded and now your download bandwidth (my upload bandwidth) is twice as large
(1024 kbit/s). Downtime has just been a minute or so (needed a kernel reboot)  .
[Edited on 3-11-08 by woelen]
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
