Yrurtj

When I log in with LightDM on my laptop running Debian Unstable, it recently started to hang for around 2 minutes until journalctl shows the message kernel: random: crng init done. When I press random keys on my keyboard while it hangs, it logs in faster (around 10 seconds). Before I didn't have this issue, is there any way I can fix it?

Edit: using linux-image-4.15.0-3-amd64 instead of linux-image-4.16.0-1-amd64 works, but I don't want to use an older kernel.

Looks like some component of your system blocks while trying to obtain random data from the kernel (i. e. reading from /dev/urandom or calling getrandom()) due to insufficient entropy (randomness) available.

I do not have a ready explanation for why the problem depends on a particular kernel version, or which component on your system actually blocks, but regardless of the root cause,

Indeed, as pointed out by Bigon in his answer, it appears to be a kernel bug introduced in 4.16:

This bug is introduced by the "crng_init > 0" to "crng_init > 1"
change in this commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33

This change inadvertently impacts urandom_read, causing the
crng_init==1 state to be treated as uninitialized and causing urandom
to block, despite this state existing specifically to support
non-cryptographic needs at boot time:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n1863

Reverting 43838a23a05f ("random: fix crng_ready() test") fixes the bug
(tested with 4.16.5-1), but this may cause security concerns
(CVE-2018-1108 is mentioned in 43838a23a05f). I am testing a more
localised fix that should be more palatable to upstream.

(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572#82)

...Still, you may try using haveged or rng-tools to gather entropy faster.

It's a change (bug?) in the kernel, see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572

To mitigate that installing rng-tools5 seems to help. Note that I don't know whether installing this package has an impact or not on strong cryptography key generation

Edit: Apparently updating util-linux 2.32 should fix the issue

It's a kernel bug that can happen with different kernels.

Running apt-get install rng-tools as su in the terminal should work.

rng-tools only helps if your system has hardware support for random numbers, like intel's "Secure Key". This way invented with Ivy Bridge. My systems with 1037u processors (based in ivy bridge) do not have this hardware support. Therefore rng-tools do not help.

On another system here with a sandy bridge i3 processor rng-tools do help. The rngd service must be started very early in the boot process, in order to fill the entropy queue up. This is the case in the boot sequence with Ubuntu, I don't know if this is true for other distributions, but you can find out, as the start of rngd is logged in syslog.

In my case, I was running a Debian Buster (kernel 4.19.0-4-amd64) VM on Proxmox VE.

The solution was to add a VirtIO RNG device to the VM.
On Proxmox, this is done by editing the VM config file.

In my case, I edited /etc/pve/qemu-server/110.conf and added the following line:

args: -device virtio-rng-pci

No userspace tools (e.g. rng-tools or haveged) were needed.