[Icecast] No PRNG seed configured. PRNG is insecure.

Damian db76 at riseup.net
Wed Aug 10 12:48:20 UTC 2022 

Okay. Thanks for clarifying. 

> On 10 Aug 2022, at 19:19AEST, Philipp Schafft <phschafft at de.loewenfelsen.net> wrote:
> 
> Good morning,
> 
> On Wed, 2022-08-10 at 11:01 +1000, Damian wrote:
>> Could anyone point me to the most relevant docs / discussion on line
>> for this topic? Can’t find any docs at https://icecast.org/ <https://icecast.org/> 
>> regarding this. 
> 
> There is hardly anything as this setting was mostly superseded by the
> use of libigloo. Which happened since the last beta (while super
> stable, it's still a beta after all for exactly this type of reasons
> :).
> 
> Adding the "linux" profile as you did should do the trick just fine for
> the version you are running.
> 
> Also this is not really TLS related. This is for everything that needs
> random numbers that is not TLS. (And therefore also applies to non-TLS
> builds).
> 
> 
> With best regards,
> 
> 
>>> On 8 Aug 2022, at 21:50AEST, Damian <db76 at riseup.net> wrote:
>>> 
>>> Okay, so I feel pretty silly right now because I found the PRNG
>>> config settings at the bottom of the icecast.xml file.
>>> I uncommented the following two lines (which I think is the correct
>>> thing to do) but I am not confident. 
>>> Regardless, I don’t get any more error massage. 
>>> 
>>> <prng-seed type="read-write" size="1024">/var/cache/icecast.prng-
>>> seed</prng-seed>
>>> <prng-seed type="profile">linux</prng-seed>
>>> 
>>> Can anyone confirm whether I am on the right track and whether the
>>> other two PRNG settings are also necessary?
>>> 
>>> I am running icecast 2.5 on Debian 10
>>> 
>>> Damian 
>>> 
>>> 
>>>> On 6 Aug 2022, at 17:31AEST, Damian <db76 at riseup.net> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> I am migrating from icecast 2.4.4 and testing version 2.5.
>>>> I have installed on Debian 10 via source. Everything is working,
>>>> although I can see in the Icecast admin page and also in the logs
>>>> the following message:
>>>> 
>>>> No PRNG seed configured. PRNG is insecure
>>>> 
>>>> I am not sure how to troubleshoot this, so any pointers would be
>>>> greatly appreciated.
>>>> This looks to be related to TSL/SSL. I have the public and
>>>> private parts of my key together in a PEM, if this helps with
>>>> diagnosing the issue.
> 
> 
> -- 
> Philipp Schafft (CEO/Geschäftsführer) 
> Telephon:  +49.3535 490 17 92
> Website:   https://www.loewenfelsen.net/ <https://www.loewenfelsen.net/>
> Follow us: https://www.linkedin.com/company/loewenfelsen/ <https://www.linkedin.com/company/loewenfelsen/>
> 
> Löwenfelsen UG (haftungsbeschränkt)     Registration number:
> Bickinger Straße 21                     HRB 12308 CB
> 04916 Herzberg (Elster)                 VATIN/USt-ID:
> Germany                                 DE305133015
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org <mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast <http://lists.xiph.org/mailman/listinfo/icecast>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220810/c440859d/attachment.htm>

More information about the Icecast mailing list