[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
From: |
Andreas Metzler |
Subject: |
Re: Bug#448775: Uses too much entropy (Debian Bug #343085) |
Date: |
Fri, 4 Jan 2008 10:48:48 +0100 |
User-agent: |
Mutt/1.5.13 (2006-08-11) |
On 2008-01-04 Nikos Mavrogiannopoulos <address@hidden> wrote:
> On Jan 3, 2008 2:32 AM, Marc Haber <address@hidden> wrote:
[...]
>> http://savannah.gnu.org/support/?106113 and
>> http://savannah.gnu.org/support/?106112 were filed.
>> The entropy issue is also mentioned in http://bugs.debian.org/446036
>> and http://bugs.debian.org/448775.
> My point of view was:
>> This looks more like a bug of the implementation of /dev/random
>> and /dev/urandom rather than a gnutls bug. GnuTLS (libgcrypt)
>> reads >some bytes per process from /dev/urandom in order to be
>> able to initialize it's PRNG. Since exim uses lots of processes
>> the /dev/urandom pool could be exhausted. Since /dev/urandom is
>> public the security of the system shouldn't depend on someone
>> reading bytes from it. You replied:
>> have to disagree with this being a kernel bug. man 4 random on
>> Linux documents how /dev/urandom behaves, and is supposed to
>> behave. "Some bytes" looks more like "a few hundred bytes", and
>> Exim does not exhaust /dev/urandom as badly when OpenSSL is used.
Hello,
The amount of data read from /dev/urandom in Gnutls/Gcrypt is on a
different scale than in openssl:
When acting as a server gnutls pulls that much data from /dev/urandom
that entropy available for /dev/random is down to its minimum
safeguard. ((it is not possible to completely deplete /dev/random by
reading from /dev/urandom in current kernels)
address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && gnutls-serv --x
509keyfile /tmp/CERT/exim.key --x509certfile /tmp/CERT/exim.crt & sleep 1 && ca
t /proc/sys/kernel/random/entropy_avail
[1] 5356
3591
Echo Server ready. Listening to port '5556'.
139
address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && openssl s_serve
r -cert /tmp/CERT/exim.crt -key /tmp/CERT/exim.key -accept 5556 & sleep 1 &&
cat /proc/sys/kernel/random/entropy_avail
[1] 7139
3596
[...]
3361
The same thing happens when gnutls acts as a client (It does not
matter whether the server is gnutls-serv or openssl s_client since both
do no fork but setup the RNG at startup.)
address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && echo xx | open
ssl s_client -connect localhost:5556 && cat
/proc/sys/kernel/random/entropy_avail
3585
[...]
3329
address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && echo xx |
gnutls-cli -p 5556 localhost > /dev/null 2>&1 && cat
/proc/sys/kernel/random/entrop
y_avail
3593
[...]
140
(Tests done with GnuTLS 1.4.4., I don't think there have been
substantial changes in the libraries in that respect. 2.0.4 behaves
the same.)
So with a forking daemon (therefore initialising the RNG for every in-
and outgoing connection) GnuTLS will deplete entropy_avail to its
bare minimum vor every single connection, while openssl only takes
about 7%.
What is the actual cause of this difference in resource usage?
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
- Uses too much entropy (Debian Bug #343085), Marc Haber, 2008/01/02
- Re: Uses too much entropy (Debian Bug #343085), Nikos Mavrogiannopoulos, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085),
Andreas Metzler <=
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Nikos Mavrogiannopoulos, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Florian Weimer, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Florian Weimer, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04