gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Uses too much entropy (Debian Bug #343085)


From: Simon Josefsson
Subject: Re: Uses too much entropy (Debian Bug #343085)
Date: Fri, 04 Jan 2008 13:35:26 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Matthias Urlichs <address@hidden> writes:

> Hi,
>
> Nikos Mavrogiannopoulos:
>> I don't understand these comments. The libgcrypt's generator can be
>> used in a separate processes. It doesn't mean it gathers any entropy
>> except for using /dev/urandom as usual.
>> 
> Ah, thanks for the correction.
>
> In that case, if it's "as usual", why run the daemon in the first place?

I think the daemon is there to help libgcrypt maintain randomness state
between invocations of applications that use randomness from libgcrypt.
Libgcrypt talks with it.  But I haven't used the feature either (it is
experimental) so I don't know for sure.  Cc'ing libgcrypt-devel for
corrections.

> To clarify: I don't have an issue with gnutls eating randomness from the
> pool. The randomness is there to be eaten.
>
> However, reading 3000+ bits every time a server (or client) starts up
> does seem a bit excessive. I seriously doubt that it needs that many.

The 3000+ bits part doesn't seem excessive to me, but I think the
problem is that it is required each time a server or client starts up.
Saving a random seeds file would help with this.  Or using the libgcrypt
daemon, if it works as I think it does.

/Simon




reply via email to

[Prev in Thread] Current Thread [Next in Thread]