[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnutls-dev] Re: Feature request: not really random session keys
From: |
Simon Josefsson |
Subject: |
[gnutls-dev] Re: Feature request: not really random session keys |
Date: |
Mon, 30 Jan 2006 15:13:48 +0100 |
User-agent: |
Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux) |
Florian Weimer <address@hidden> writes:
> * Werner Koch:
>
>> The same may happen with libgcrypt applications if several short
>> living processes are running (Exim?). I am not sure whether GnuTLS
>> sets a random seed file at all. Does it?
>
> In case of Exim, it's regeneration of the RSA_EXPORT key. It is not
> serialized, either, so multiple Exim processes try to regenerate it
> and consume increasing amounts of entropy.
I recall the same problem in some other application. The solution was
to have a separate process devoted to regenerate the keys, store it to
a file, and have the other processes use it. This circumvent the
synchronization problem, which can be quite complicated, and also
guarantee that the Exim process will never block on /dev/random. The
process that regenerate the keys can be invoked through cron.
- Re: [gnutls-dev] Feature request: not really random session keys, (continued)
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/18
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/18
- Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/19
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Andreas Metzler, 2006/01/30
- [gnutls-dev] Re: Feature request: not really random session keys,
Simon Josefsson <=
- Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- [gnutls-dev] Re: Feature request: not really random session keys, Simon Josefsson, 2006/01/30
- Re: [gnutls-dev] Re: Feature request: not really random session keys, Werner Koch, 2006/01/31
- Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/31
Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30