[OTR-users] Pidgin freezes on OTR private key generation

Michael Hill mikehilly at gmail.com
Wed Sep 16 21:48:18 EDT 2015


I can confirm that this issue happens to me as well with Ubuntu 14.0.4 -
normally if I leave the system along it takes 30-90 minutes but does
eventually come back with a generated key.  Usually the interface does lock
up, but it will come back.  Tested with a live DVD, in VirtualBox and on an
installed physical system.  Not seeing the issue with other operating
systems that I have tested with.  'Normal' generation time is less than a
minute on the same hardware or VM with different operating systems.

Not sure if that is very helpful but I wanted to share.

Thanks!
Mike

On Tue, Sep 15, 2015 at 12:00 PM, <otr-users-request at lists.cypherpunks.ca>
wrote:

> Send OTR-users mailing list submissions to
>         otr-users at lists.cypherpunks.ca
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.cypherpunks.ca/mailman/listinfo/otr-users
> or, via email, send a message with subject or body 'help' to
>         otr-users-request at lists.cypherpunks.ca
>
> You can reach the person managing the list at
>         otr-users-owner at lists.cypherpunks.ca
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OTR-users digest..."
>
>
> Today's Topics:
>
>    1. Re: Pidgin freezes on OTR private key generation
>       (Michael McConville)
>    2. Re: Pidgin freezes on OTR private key generation
>       (Michael McConville)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 14 Sep 2015 15:02:07 -0400
> From: Michael McConville <mmcconville at mykolab.com>
> To: Lachezar Dobrev <l.dobrev at gmail.com>
> Cc: otr-users at lists.cypherpunks.ca, twasilczyk at pidgin.im
> Subject: Re: [OTR-users] Pidgin freezes on OTR private key generation
> Message-ID: <20150914190206.GA7176 at thinkpad.swarthmore.edu>
> Content-Type: text/plain; charset=utf-8
>
> Lachezar Dobrev wrote:
> > You may not have enough entropy! Try downloading something big, or
> > watch a film off your hard drive. Move your mouse, type on the
> > keyboard.
> >
> > That said… I do think this operation should be asynchronous, and not
> > hang the UI.
>
> True. I think Tomasz may actually already have a patch in his branch for
> this.
>
> That said, the other option is to change the gcrypt randomness quality
> level (of type gcry_random_level_t) from GCRY_VERY_STRONG_RANDOM to
> GCRY_STRONG_RANDOM. These represent /dev/random and /dev/urandom
> respectively.
>
> I think the only concern is that Linux doesn't block /dev/urandom until
> it has sufficient entropy. However, (IIUC) this is mostly only a problem
> in early boot stages and on embedded devices, which don't apply to most
> OTR use cases. OTR already uses /dev/urandom for ephemeral keys.
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 14 Sep 2015 17:28:09 -0400
> From: Michael McConville <mmcconville at mykolab.com>
> To: Tomasz Wasilczyk <twasilczyk at pidgin.im>
> Cc: otr-users at lists.cypherpunks.ca
> Subject: Re: [OTR-users] Pidgin freezes on OTR private key generation
> Message-ID: <20150914212809.GA24733 at thinkpad.swarthmore.edu>
> Content-Type: text/plain; charset=utf-8
>
> Tomasz Wasilczyk wrote:
> > Michael McConville wrote:
> > > Lachezar Dobrev wrote:
> > >> You may not have enough entropy! Try downloading something big, or
> > >> watch a film off your hard drive. Move your mouse, type on the
> > >> keyboard.
> > >>
> > >> That said… I do think this operation should be asynchronous, and not
> > >> hang the UI.
> > >
> > > True. I think Tomasz may actually already have a patch in his branch
> > > for this.
> > >
> > > That said, the other option is to change the gcrypt randomness
> > > quality level (of type gcry_random_level_t) from
> > > GCRY_VERY_STRONG_RANDOM to GCRY_STRONG_RANDOM. These represent
> > > /dev/random and /dev/urandom respectively.
> > >
> > > I think the only concern is that Linux doesn't block /dev/urandom
> > > until it has sufficient entropy. However, (IIUC) this is mostly only
> > > a problem in early boot stages and on embedded devices, which don't
> > > apply to most OTR use cases. OTR already uses /dev/urandom for
> > > ephemeral keys.
> > >
> > I don't think decreasing security level (even hyphotetical) is any
> > option to just making that asynchronous. Especially when a patch is
> > here.
>
> "Quality" is a dubious term here, though. I'd have to look at the gcrypt
> code again, but I recall them just being aliases of /dev/random and
> /dev/urandom. Crypto code increasingly assumes /dev/urandom to be secure
> (and it almost always is), so it's a reasonable option.
>
> I've seen Pidgin hang on recent releases of Debian/Ubuntu for 5+ minutes
> when generating OTR identity keys. As this email thread exemplifies,
> this hanging can concern or even spook users. There's also the question
> of what exactly the UI does if OTR takes five minutes to generate an
> identity key. OTR chat has to be disabled for that account. How do we
> signal this to the user? What if they get impatient or think OTR is
> broken?
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
>
> ------------------------------
>
> End of OTR-users Digest, Vol 75, Issue 2
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20150916/471af7aa/attachment.html>


More information about the OTR-users mailing list