justan0theruser has quit [Ping timeout: 240 seconds]
blueberrypie has quit [Quit: leaving]
blueberrypie has joined #nixos-security
justan0theruser has joined #nixos-security
stigo has quit [Remote host closed the connection]
cole-h has quit [Ping timeout: 240 seconds]
stigo has joined #nixos-security
<arianvp>
Something is really wrong with the entropy pool on nixos 20.09. I can't even generate a 2048 bit RSA key
<arianvp>
did we change something this release?
<arianvp>
did we change something this release in terms of how we configure entropy sources?
<arianvp>
sorry for the double message
<ajs124>
arianvp: we might have changed the haveged.enable default?
<ajs124>
> The security.rngd service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
<{^_^}>
error: syntax error, unexpected IN, expecting ')', at (string):479:98
<arianvp>
interesting
<arianvp>
I wonder if we're maybe not building the kernel with the right configs or something
<hexa->
I see CONFIG_CRYPTO_RNG=m
<hexa->
CONFIG_CRYPTO_RNG2=y
<arianvp>
must say I am not very knowledgeable on this topic. But GPG taking minutes to generate a private key sounds very suspect on a fresh install
<hexa->
is it reproducible with ssh-keygen as well=
<arianvp>
let me check
<arianvp>
nope it's basically instant for openssh
<arianvp>
interesting...
<gchristensen>
arianvp: on what?
<gchristensen>
on bare metal?
<arianvp>
Thinkpad T490
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 256 seconds]
tilpner_ is now known as tilpner
tilpner has quit [Remote host closed the connection]