Post by SDL on Nov 6, 2018 14:46:05 GMT -8
Triggerfish, at first I thought you were spouting nonsense, but after reading the article, pretty interesting. Can you source the article where it talks about Safe hashes for SSL connections? I am having beer with the crew tomorrow night and I want to have all my ducks in a row to ambush our CTO, Dr. John Shovic, on this issue. I'll bet he doesn't know about it. BP
|
|
|
Post by triggerfish on Nov 7, 2018 0:51:54 GMT -8
Mmm, at the moment I cannot retrieve a specific article stating the exact cause. I started searching on the error and worked my way to the possible solution I have implemented now. The best explanation besides the link I already sent is "Waiting for entropy". The conclusion was that SSL relied on /dev/random (or another random generator in whatever OS you look at), which basically is empty at boot and gets filled by rubbish during execution of processes. If you try to get random data before the OS has actually done some processing, you will not get much, i.e. low entropy. Just waiting five minutes will not help much, because data needs to go through memory and stacks to fill the random device. So initially SSL can fail to get enough random data. It will fail sooner after a power-up than after a regular reboot, because the reboot will not blank all memory. I guess, looking back, I got the errors only after the system started up when the battery was recharged again. The installed rng-tools apparently reads a hardware rubbish generator and fills the random device very fast, not having to rely on activity of the computer. Hope this helps.
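A boot-time check for the condition described in the post above, as an added example that is not part of the thread: it reads the kernel's entropy estimate and notes whether a hardware RNG device node exists before an SSL client is started. The function names and the 256-bit threshold are assumptions; `/proc/sys/kernel/random/entropy_avail` and `/dev/hwrng` are the standard Linux paths.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths are parameters so the
# logic can also be exercised against constructed files.

# entropy_report [AVAIL_FILE] [HWRNG_DEV] [THRESHOLD]
# Prints one status line. Returns 0 if the estimate is at or above
# THRESHOLD, 1 if it is low, 2 if the counter cannot be read or parsed.
entropy_report() {
    avail_file=${1:-/proc/sys/kernel/random/entropy_avail}
    hwrng_dev=${2:-/dev/hwrng}
    threshold=${3:-256}   # assumed cut-off, not a value from the thread

    if [ ! -r "$avail_file" ]; then
        echo "unknown: cannot read $avail_file"
        return 2
    fi
    avail=$(tr -d '[:space:]' < "$avail_file")
    case $avail in
        ''|*[!0-9]*) echo "unknown: unexpected value in $avail_file"; return 2 ;;
    esac

    # A hardware RNG node is what a feeder such as rngd reads from.
    if [ -e "$hwrng_dev" ]; then hw="hwrng present"; else hw="no hwrng device"; fi

    if [ "$avail" -lt "$threshold" ]; then
        echo "low: $avail bits < $threshold ($hw)"
        return 1
    fi
    echo "ok: $avail bits ($hw)"
    return 0
}

# wait_for_entropy [AVAIL_FILE] [THRESHOLD] [TIMEOUT_SECONDS]
# Polls once per second; returns 0 as soon as the estimate is sufficient,
# 1 if it is still low after the timeout, 2 if it cannot be read.
wait_for_entropy() {
    timeout=${3:-30}
    waited=0
    while [ "$waited" -le "$timeout" ]; do
        rc=0
        entropy_report "${1:-}" /dev/hwrng "${2:-}" >/dev/null || rc=$?
        if [ "$rc" -ne 1 ]; then return "$rc"; fi
        waited=$((waited + 1))
        sleep 1
    done
    return 1
}
```

Sourced early in a startup script, `wait_for_entropy` can gate the first outbound SSL connection; calling `entropy_report` with no arguments prints the current state of the live system.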
|
|
|
Post by triggerfish on Nov 7, 2018 1:28:58 GMT -8
|
|
|
Post by SDL on Nov 10, 2018 16:40:16 GMT -8
Triggerfish, Interesting that I have never experienced this problem. John thought the article was pretty cool. He started a company in the late 80's doing Error Correction and Data compression (www.aha.com) and knows a lot about entropy in general. BP
|
|
|
Post by triggerfish on Dec 13, 2018 6:03:54 GMT -8
Since I implemented the RTC I never had the strange SSL error anymore, so apparently this did the trick.
|
|
|
Post by SDL on Dec 13, 2018 11:25:13 GMT -8
Oooohhhhmmm. A mystery.
BP