Gopass: Onboarding wizard locks up at "We need to generate a lot of random bytes"

Created on 2 Dec 2017 · 6 Comments · Source: gopasspw/gopass

A common issue when generating GPG keys on Ubuntu/CentOS/Solaris/whatever (does it happen on macOS too?) is that it will lock up forever at:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

A brand new user to gopass will type the gopass command, begin the onboarding wizard, get stuck at this part, and then be forced to go Google this error message and start doing research on why it is happening. Or, they won't bother and will delete gopass and then use KeePass instead. ;) So there is a serious UX concern here: a user's first experience with gopass should not have them pissed off from the get-go.

This locking up issue is documented here: https://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6/471418

According to this ServerFault page, there are two main ways of solving it.

1) The quick and dirty way is to open a 2nd console window / SSH session and:

dd if=/dev/sda of=/dev/zero

2) The cleaner solution is to install the rng-tools package:

  • On Debian/Ubuntu: apt install rng-tools -y
  • On RHEL/CentOS: yum install rng-tools -y

Once installed, rng-tools will automatically make GPG key generation complete very quickly without the user having to do anything at all.

Proposition: Before generating GPG keys, have gopass ensure that the rng-tools package is present on the system. If not, it should automatically install it, perhaps with a quick prompt to the user:

Warning: In order to generate secure GPG keys, you must have the "rng-tools" package installed. Do you want to install it now? [Y/n]

A Note on Security

Are there security concerns with using rng-tools to seed entropy in /dev/random for the purposes of creating a GPG key? I'm uncertain, and certainly not an expert in this area. Maybe some other security experts here can chime in on this. You can find the webpage for rng-tools here:

https://wiki.archlinux.org/index.php/Rng-tools

And here's a discussion about using rng-tools in a VM: https://security.stackexchange.com/questions/39992/is-it-safe-to-use-rng-tools-on-a-virtual-machine

All 6 comments

Also note here that on CentOS 7, after doing a yum install rng-tools -y, it will not automatically start the rngd daemon for some reason. So there needs to be a check for that:

systemctl start rngd

(The rngd daemon will automatically start on subsequent reboots of the system.)

With that said, I want to expand the proposal in the previous post: in addition to ensuring that rng-tools is installed, gopass should always check to see if the rngd service is running before generating any GPG keys.

I believe /dev/urandom and haveged are other options to capture entropy more quickly.
Overall I agree that Keybase should probably add a dialog encouraging the user to open a few other pages in their browser in order to trigger network activity and generate some more entropy, but even better they could use a non-blocking source of entropy aka /dev/urandom instead of /dev/random as it is still secure but avoids the negative user experience you described.

Unfortunately, this is a limitation that's none of gopass' own, but of gpg2. There are a lot of shortcomings in this thread which are due to the underlying OS - and I have very mixed feelings about gopass invoking the package manager on its own. This stuff quickly gets irrelevant and is a large maintenance burden.

I think concerns like these are probably best addressed by the package manager itself, going directly back to the source of the problem. Looks like rng-tools should then just be a recommended or required package at installation time for the apt or yum packages.

Alternatively, in a cross-platform compatible fashion, the "quick and dirty" hack might be much easier to implement: Before forking the gpg2 thread to generate a key, we could open a goroutine writing and deleting randomness to a random file in the directory many times in a loop...

(note that this has a few strings attached as well here that are non-obvious: permission errors, out of diskspace, name collisions, but at least it's KISS and nicely cross-platform compatible)

We definitely should not make gopass interact with any kind of package manager directly. Setting up the dependencies should be left to whatever installation method the user chooses.

Adding suggests or recommends to the RPM / deb packages is certainly OK.

I'm not sure about the "quick and dirty" hack that generates background noise. This is either pseudo-random (PRNG) or it's depleting the system randomness leading to even longer gpg key generation times.

I think we should do two things:
1.) provide better information to the user
2.) suggest rng-tools in the package metadata

As I mentioned on a separate issue thread, on RPM it may be only possible to add rng-tools as a required dependency instead of a suggested one. But that seems fine to me.

However, I'm foreseeing a UX issue in the new proposed workflow:

  • User installs fresh CentOS 7 Minimal.
  • User downloads gopass and does rpm -i gopass.rpm to install it.
  • User gets an error message about not having git installed already.
  • User does a yum install git -y, and then does the RPM install command again.
  • User gets an error message about not having rng-tools installed already.
  • User does a yum install rng-tools -y, and then does the RPM install command again.
  • Installation succeeds.
  • User types gopass, goes through the onboard wizard, and still gets stuck at the "We need to generate a lot of random bytes" part due to the issue with the rngd daemon that I documented earlier in this thread.

How to solve this? Well, as you say,

1.) provide better information to the user

What would this look like explicitly? In my mind, I think before invoking the gpg command that begins the key generation process, a warning message should be shown to the user that is something along the lines of the following:

WARNING: We are about to generate some GPG keys.
However, the GPG program can sometimes lock up, displaying the following:
"We need to generate a lot of random bytes."
If this happens, please see the following tips:
https://github.com/justwatchcom/gopass/blob/master/docs/entropy.md

Continue? [Y/n]

And of course, the entropy.md file needs to be created in the docs, that explains basically everything covered so far in this thread, including instructing the user to make sure that the rngd daemon is started.

yum install rng-tools -y
systemctl start rngd
it works on centos7.4
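
The pre-flight check discussed in this thread (look at the kernel's entropy estimate and at whether rngd is running before invoking gpg), written in Go as an added example; it is not gopass code and not written by any participant in the thread. The names parseEntropy, rngdActive and preflight, and the 200-bit threshold, are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"strings"
)

// Assumed for this example (not gopass values): Linux-only path, illustrative threshold.
const entropyFile = "/proc/sys/kernel/random/entropy_avail"
const minEntropy = 200 // bits
// parseEntropy converts the kernel's text value (e.g. "3071\n") to bits.
func parseEntropy(raw string) (int, error) {
	n, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil || n < 0 {
		return 0, fmt.Errorf("unexpected entropy_avail value %q", raw)
	}
	return n, nil
}
// rngdActive reports whether systemd considers the rngd unit running.
func rngdActive() bool {
	return exec.Command("systemctl", "is-active", "--quiet", "rngd").Run() == nil
}

// preflight returns hints to print before key generation; none means proceed.
func preflight(raw string, readErr error, rngd bool) []string {
	if readErr != nil {
		return nil // no estimate on this platform, nothing to check
	}
	var hints []string
	if bits, err := parseEntropy(raw); err != nil {
		hints = append(hints, err.Error())
	} else if bits < minEntropy {
		hints = append(hints, fmt.Sprintf("only %d bits of entropy available; gpg may block", bits))
	}
	if len(hints) > 0 && !rngd {
		hints = append(hints, "rngd is not running; try: systemctl start rngd")
	}
	return hints
}

func main() {
	raw, err := os.ReadFile(entropyFile)
	for _, h := range preflight(string(raw), err, rngdActive()) {
		fmt.Fprintln(os.Stderr, "WARNING:", h)
	}
}
```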
