gnutls-devel

Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)


From: Simon Josefsson
Subject: Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 17:16:02 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Werner Koch <address@hidden> writes:

> On Tue,  8 Jan 2008 11:59, address@hidden said:
>
>> Anyway there 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon
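
An added example, not part of the original message and not libgcrypt code: a small parser for the "random usage" dumps quoted above, applying the message's own estimate (first `polls` counter times 120 bytes) so a run can be compared against a budget. The function names and the 4096-byte budget are assumptions made for illustration.

```python
import re

# Dumps copied from the message above (libgcrypt "random usage" statistics).
AFTER = """random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0"""
BEFORE = """random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0"""

BYTES_PER_POLL = 120   # per-poll figure used in the message's arithmetic
BUDGET_BYTES = 4096    # hypothetical per-connection budget (assumption)

_FIELD = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_random_usage(text):
    """Parse one dump (it may wrap over several lines) into a dict.

    Plain fields map to int; 'a/b' fields map to an (int, int) tuple.
    """
    marker = "random usage:"
    start = text.find(marker)
    if start < 0:
        raise ValueError("no 'random usage:' line found")
    stats = {}
    for name, first, second in _FIELD.findall(text[start + len(marker):]):
        stats[name] = int(first) if second == "" else (int(first), int(second))
    if not isinstance(stats.get("polls"), tuple):
        raise ValueError("dump has no polls=a/b field")
    return stats


def estimated_urandom_bytes(stats):
    """Estimate as in the message: first polls counter times 120 bytes."""
    return stats["polls"][0] * BYTES_PER_POLL


def over_budget(text, budget_bytes=BUDGET_BYTES):
    """True if the estimated draw for this run exceeds budget_bytes."""
    return estimated_urandom_bytes(parse_random_usage(text)) > budget_bytes


if __name__ == "__main__":
    for label, dump in (("old", BEFORE), ("patched", AFTER)):
        s = parse_random_usage(dump)
        print(label, s["polls"], estimated_urandom_bytes(s), over_budget(dump))
```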
