gnutls-devel

Re: Uses too much entropy (Debian Bug #343085)


From: Simon Josefsson
Subject: Re: Uses too much entropy (Debian Bug #343085)
Date: Fri, 04 Jan 2008 17:08:03 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Werner Koch <address@hidden> writes:

>> Another solution, how about refusing to give out entropy to processes
>> not listed in a world-readable but root-writable file
>> /etc/libgcryptd.conf file?
>
> Well it is experimental and I had similar ideas.  If I remember right I
> implemented the daemon thing when we first talked about the exim problem
> or to help other short-living processes.

So I guess the question is for the exim people: which approach do you
prefer?

  1) Require that the system run the libgcrypt daemon to maintain a
     global randomness pool.  (Or if the user uses a kernel that doesn't
     have PRNG saturation problems that Linux does... anyone know if
     FreeBSD or GNU/Hurd have similar issues?)

  2) To make exim link to and call libgcrypt's functions to read and
     update a random seed file instead?

  3) continue discussing other solutions...

For simplicity and non-experimentalness, I would recommend 2).  I can
assist in implementing this in exim, if that would help.  We'd
definitely need a good example of how to do this in the gnutls manual
anyway.

/Simon



