Question on hostapd random pool

Jouni Malinen j at
Sat Jun 11 02:18:10 PDT 2016

On Wed, Jun 08, 2016 at 05:20:58PM -0700, Ann Lo wrote:
> Would you provide advice on the following messages from hostapd on
> Linux? Do they imply that there will be problems with generating AES
> keys? Does hostapd generate CCMP IV?
> 1) random: Not enough entropy pool available for secure operations.
> 2) WPA: Not enough entropy in random pool for secure operation -
> update keys later when the first station connects.

These are indications of the device not having sufficient amount of good
quality entropy available for generating secure random numbers. hostapd
tries to work around this by delaying certain operations related to
generating keys.

hostapd is not involved in actual CCMP processing of the Data frames,
i.e., that part is somewhere in the kernel or Wi-Fi firmware/hardware.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list