<div dir="ltr">I can confirm that this issue happens to me as well with Ubuntu 14.0.4 - normally if I leave the system along it takes 30-90 minutes but does eventually come back with a generated key. Usually the interface does lock up, but it will come back. Tested with a live DVD, in VirtualBox and on an installed physical system. Not seeing the issue with other operating systems that I have tested with. 'Normal' generation time is less than a minute on the same hardware or VM with different operating systems.<div><br></div><div>Not sure if that is very helpful but I wanted to share.</div><div><br></div><div>Thanks!</div><div>Mike</div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 15, 2015 at 12:00 PM, <span dir="ltr"><<a href="mailto:otr-users-request@lists.cypherpunks.ca" target="_blank">otr-users-request@lists.cypherpunks.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send OTR-users mailing list submissions to<br>
<a href="mailto:otr-users@lists.cypherpunks.ca">otr-users@lists.cypherpunks.ca</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.cypherpunks.ca/mailman/listinfo/otr-users" rel="noreferrer" target="_blank">http://lists.cypherpunks.ca/mailman/listinfo/otr-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:otr-users-request@lists.cypherpunks.ca">otr-users-request@lists.cypherpunks.ca</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:otr-users-owner@lists.cypherpunks.ca">otr-users-owner@lists.cypherpunks.ca</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of OTR-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Pidgin freezes on OTR private key generation<br>
(Michael McConville)<br>
2. Re: Pidgin freezes on OTR private key generation<br>
(Michael McConville)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 14 Sep 2015 15:02:07 -0400<br>
From: Michael McConville <<a href="mailto:mmcconville@mykolab.com">mmcconville@mykolab.com</a>><br>
To: Lachezar Dobrev <<a href="mailto:l.dobrev@gmail.com">l.dobrev@gmail.com</a>><br>
Cc: <a href="mailto:otr-users@lists.cypherpunks.ca">otr-users@lists.cypherpunks.ca</a>, <a href="mailto:twasilczyk@pidgin.im">twasilczyk@pidgin.im</a><br>
Subject: Re: [OTR-users] Pidgin freezes on OTR private key generation<br>
Message-ID: <<a href="mailto:20150914190206.GA7176@thinkpad.swarthmore.edu">20150914190206.GA7176@thinkpad.swarthmore.edu</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Lachezar Dobrev wrote:<br>
> You may not have enough entropy! Try downloading something big, or<br>
> watch a film off your hard drive. Move your mouse, type on the<br>
> keyboard.<br>
><br>
> That said… I do think this operation should be asynchronous, and not<br>
> hang the UI.<br>
<br>
True. I think Tomasz may actually already have a patch in his branch for<br>
this.<br>
<br>
That said, the other option is to change the gcrypt randomness quality<br>
level (of type gcry_random_level_t) from GCRY_VERY_STRONG_RANDOM to<br>
GCRY_STRONG_RANDOM. These represent /dev/random and /dev/urandom<br>
respectively.<br>
<br>
I think the only concern is that Linux doesn't block /dev/urandom until<br>
it has sufficient entropy. However, (IIUC) this is mostly only a problem<br>
in early boot stages and on embedded devices, which don't apply to most<br>
OTR use cases. OTR already uses /dev/urandom for ephemeral keys.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 14 Sep 2015 17:28:09 -0400<br>
From: Michael McConville <<a href="mailto:mmcconville@mykolab.com">mmcconville@mykolab.com</a>><br>
To: Tomasz Wasilczyk <<a href="mailto:twasilczyk@pidgin.im">twasilczyk@pidgin.im</a>><br>
Cc: <a href="mailto:otr-users@lists.cypherpunks.ca">otr-users@lists.cypherpunks.ca</a><br>
Subject: Re: [OTR-users] Pidgin freezes on OTR private key generation<br>
Message-ID: <<a href="mailto:20150914212809.GA24733@thinkpad.swarthmore.edu">20150914212809.GA24733@thinkpad.swarthmore.edu</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Tomasz Wasilczyk wrote:<br>
> Michael McConville wrote:<br>
> > Lachezar Dobrev wrote:<br>
> >> You may not have enough entropy! Try downloading something big, or<br>
> >> watch a film off your hard drive. Move your mouse, type on the<br>
> >> keyboard.<br>
> >><br>
> >> That said… I do think this operation should be asynchronous, and not<br>
> >> hang the UI.<br>
> ><br>
> > True. I think Tomasz may actually already have a patch in his branch<br>
> > for this.<br>
> ><br>
> > That said, the other option is to change the gcrypt randomness<br>
> > quality level (of type gcry_random_level_t) from<br>
> > GCRY_VERY_STRONG_RANDOM to GCRY_STRONG_RANDOM. These represent<br>
> > /dev/random and /dev/urandom respectively.<br>
> ><br>
> > I think the only concern is that Linux doesn't block /dev/urandom<br>
> > until it has sufficient entropy. However, (IIUC) this is mostly only<br>
> > a problem in early boot stages and on embedded devices, which don't<br>
> > apply to most OTR use cases. OTR already uses /dev/urandom for<br>
> > ephemeral keys.<br>
> ><br>
> I don't think decreasing security level (even hyphotetical) is any<br>
> option to just making that asynchronous. Especially when a patch is<br>
> here.<br>
<br>
"Quality" is a dubious term here, though. I'd have to look at the gcrypt<br>
code again, but I recall them just being aliases of /dev/random and<br>
/dev/urandom. Crypto code increasingly assumes /dev/urandom to be secure<br>
(and it almost always is), so it's a reasonable option.<br>
<br>
I've seen Pidgin hang on recent releases of Debian/Ubuntu for 5+ minutes<br>
when generating OTR identity keys. As this email thread exemplifies,<br>
this hanging can concern or even spook users. There's also the question<br>
of what exactly the UI does if OTR takes five minutes to generate an<br>
identity key. OTR chat has to be disabled for that account. How do we<br>
signal this to the user? What if they get impatient or think OTR is<br>
broken?<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
OTR-users mailing list<br>
<a href="mailto:OTR-users@lists.cypherpunks.ca">OTR-users@lists.cypherpunks.ca</a><br>
<a href="http://lists.cypherpunks.ca/mailman/listinfo/otr-users" rel="noreferrer" target="_blank">http://lists.cypherpunks.ca/mailman/listinfo/otr-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of OTR-users Digest, Vol 75, Issue 2<br>
****************************************<br>
</blockquote></div><br></div></div></div>