[Icecast] No PRNG seed configured. PRNG is insecure.
Damian
db76 at riseup.net
Wed Aug 10 12:48:20 UTC 2022
Okay. Thanks for clarifying.
> On 10 Aug 2022, at 19:19AEST, Philipp Schafft <phschafft at de.loewenfelsen.net> wrote:
>
> Good morning,
>
> On Wed, 2022-08-10 at 11:01 +1000, Damian wrote:
>> Could anyone point me to the most relevant docs / discussion on line
>> for this topic? Can’t find any docs at https://icecast.org/ <https://icecast.org/>
>> regarding this.
>
> There is hardly anything as this setting was mostly superseded by the
> use of libigloo. Which happened since the last beta (while super
> stable, it's still a beta after all for exactly this type of reasons
> :).
>
> Adding the "linux" profile as you did should do the trick just fine for
> the version you are running.
>
> Also this is not really TLS related. This is for everything that needs
> random numbers that is not TLS. (And therefore also applies to non-TLS
> builds).
>
>
> With best regards,
>
>
>>> On 8 Aug 2022, at 21:50AEST, Damian <db76 at riseup.net> wrote:
>>>
>>> Okay, so I feel pretty silly right now because I found the PRNG
>>> config settings at the bottom of the icecast.xml file.
>>> I uncommented the following two lines (which I think is the correct
>>> thing to do) but I am not confident.
>>> Regardless, I don’t get any more error massage.
>>>
>>> <prng-seed type="read-write" size="1024">/var/cache/icecast.prng-
>>> seed</prng-seed>
>>> <prng-seed type="profile">linux</prng-seed>
>>>
>>> Can anyone confirm whether I am on the right track and whether the
>>> other two PRNG settings are also necessary?
>>>
>>> I am running icecast 2.5 on Debian 10
>>>
>>> Damian
>>>
>>>
>>>> On 6 Aug 2022, at 17:31AEST, Damian <db76 at riseup.net> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am migrating from icecast 2.4.4 and testing version 2.5.
>>>> I have installed on Debian 10 via source. Everything is working,
>>>> although I can see in the Icecast admin page and also in the logs
>>>> the following message:
>>>>
>>>> No PRNG seed configured. PRNG is insecure
>>>>
>>>> I am not sure how to troubleshoot this, so any pointers would be
>>>> greatly appreciated.
>>>> This looks to be related to TSL/SSL. I have the public and
>>>> private parts of my key together in a PEM, if this helps with
>>>> diagnosing the issue.
>
>
> --
> Philipp Schafft (CEO/Geschäftsführer)
> Telephon: +49.3535 490 17 92
> Website: https://www.loewenfelsen.net/ <https://www.loewenfelsen.net/>
> Follow us: https://www.linkedin.com/company/loewenfelsen/ <https://www.linkedin.com/company/loewenfelsen/>
>
> Löwenfelsen UG (haftungsbeschränkt) Registration number:
> Bickinger Straße 21 HRB 12308 CB
> 04916 Herzberg (Elster) VATIN/USt-ID:
> Germany DE305133015
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org <mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast <http://lists.xiph.org/mailman/listinfo/icecast>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220810/c440859d/attachment.htm>
More information about the Icecast
mailing list