Icecast - Aug 2022 - No PRNG seed configured. PRNG is insecure.

Could anyone point me to the most relevant docs / discussion on line for this
topic? Can?t find any docs at https://icecast.org/ <https://icecast.org/> 
regarding this.


> On 8 Aug 2022, at 21:50AEST, Damian <db76 at riseup.net> wrote:
> 
> Okay, so I feel pretty silly right now because I found the PRNG config
settings at the bottom of the icecast.xml file.
> I uncommented the following two lines (which I think is the correct thing
to do) but I am not confident.
> Regardless, I don?t get any more error massage. 
> 
> <prng-seed type="read-write"
size="1024">/var/cache/icecast.prng-seed</prng-seed>
> <prng-seed type="profile">linux</prng-seed>
> 
> Can anyone confirm whether I am on the right track and whether the other
two PRNG settings are also necessary?
> 
> I am running icecast 2.5 on Debian 10
> 
> Damian 
> 
> 
>> On 6 Aug 2022, at 17:31AEST, Damian <db76 at riseup.net
<mailto:db76 at riseup.net>> wrote:
>> 
>> Hi,
>> 
>> I am migrating from icecast 2.4.4 and testing version 2.5.
>> I have installed on Debian 10 via source. Everything is working,
although I can see in the Icecast admin page and also in the logs the following
message:
>> 
>> No PRNG seed configured. PRNG is insecure
>> 
>> I am not sure how to troubleshoot this, so any pointers would be
greatly appreciated.
>> This looks to be related to TSL/SSL. I have the public and private
parts of my key together in a PEM, if this helps with diagnosing the issue.
>> 
>> Regards
>> Damian
>> 
>> 
>> 
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org <mailto:Icecast at xiph.org>
>> http://lists.xiph.org/mailman/listinfo/icecast
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20220810/e5b37bb7/attachment.htm>

Good morning,

On Wed, 2022-08-10 at 11:01 +1000, Damian wrote:
> Could anyone point me to the most relevant docs / discussion on line
> for this topic? Can?t find any docs at https://icecast.org/ 
> regarding this. 
There is hardly anything as this setting was mostly superseded by the
use of libigloo. Which happened since the last beta (while super
stable, it's still a beta after all for exactly this type of reasons
:).

Adding the "linux" profile as you did should do the trick just fine
for
the version you are running.

Also this is not really TLS related. This is for everything that needs
random numbers that is not TLS. (And therefore also applies to non-TLS
builds).


With best regards,

> > On 8 Aug 2022, at 21:50AEST, Damian <db76 at riseup.net> wrote:
> > 
> > Okay, so I feel pretty silly right now because I found the PRNG
> > config settings at the bottom of the icecast.xml file.
> > I uncommented the following two lines (which I think is the correct
> > thing to do) but I am not confident. 
> > Regardless, I don?t get any more error massage. 
> > 
> > <prng-seed type="read-write"
size="1024">/var/cache/icecast.prng-
> > seed</prng-seed>
> > <prng-seed type="profile">linux</prng-seed>
> > 
> > Can anyone confirm whether I am on the right track and whether the
> > other two PRNG settings are also necessary?
> > 
> > I am running icecast 2.5 on Debian 10
> > 
> > Damian 
> > 
> > 
> > > On 6 Aug 2022, at 17:31AEST, Damian <db76 at riseup.net>
wrote:
> > > 
> > > Hi,
> > > 
> > > I am migrating from icecast 2.4.4 and testing version 2.5.
> > > I have installed on Debian 10 via source. Everything is working,
> > > although I can see in the Icecast admin page and also in the logs
> > > the following message:
> > > 
> > > No PRNG seed configured. PRNG is insecure
> > > 
> > > I am not sure how to troubleshoot this, so any pointers would be
> > > greatly appreciated.
> > > This looks to be related to TSL/SSL. I have the public and
> > > private parts of my key together in a PEM, if this helps with
> > > diagnosing the issue.

-- 
Philipp Schafft (CEO/Gesch?ftsf?hrer) 
Telephon:  +49.3535 490 17 92
Website:   https://www.loewenfelsen.net/
Follow us: https://www.linkedin.com/company/loewenfelsen/

L?wenfelsen UG (haftungsbeschr?nkt)     Registration number:
Bickinger Stra?e 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20220810/53314db0/attachment.sig>