[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] Feature request: not really random session keys
From: |
Werner Koch |
Subject: |
Re: [gnutls-dev] Feature request: not really random session keys |
Date: |
Thu, 19 Jan 2006 10:05:05 +0100 |
User-agent: |
Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux) |
On Wed, 18 Jan 2006 14:43:41 +0100, Nikos Mavrogiannopoulos said:
> Hmmm, I cannot verify it right now, but everything up to STRONG_RANDOM
> should have been using /dev/urandom. Only the VERY_STRONG_RANDOM
> in libgcrypt should use /dev/random, but this is not used for normal
We have a similar problem in gpg: Saving libcgrypt's random seed to a
file is not protected by a file locking. So when several gppg
processes run it may happen that one sees an empty seed file and now
starts to fill it up agains - this time from /dev/random! The
solution is to lock the seed file.
The same may happen with libgcrypt applications if several short
living processes are running (Exim?). I am not sure whether GnuTLS
sets a random seed file at all. Does it?
The quick solution would be to uses fcntl locks which are available on
all modern OSes.
In the long term there will be no other way than to have a Libgcrypt
specific daemon to maintain the entropy pool. I already wrote about
the problems we are facing with such a solution
(<address@hidden>).
Shalom-Salam,
Werner
- [gnutls-dev] Re: Feature request: not really random session keys, (continued)
Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/18
[gnutls-dev] Re: Feature request: not really random session keys, Simon Josefsson, 2006/01/18
Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/18
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/18
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/18
- Re: [gnutls-dev] Feature request: not really random session keys,
Werner Koch <=
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Andreas Metzler, 2006/01/30
[gnutls-dev] Re: Feature request: not really random session keys, Simon Josefsson, 2006/01/30
Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/30
Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30