[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
From: |
Guus Sliepen |
Subject: |
Re: Bug#448775: Uses too much entropy (Debian Bug #343085) |
Date: |
Sat, 5 Jan 2008 14:17:25 +0100 |
User-agent: |
Mutt/1.5.17 (2007-11-01) |
On Fri, Jan 04, 2008 at 10:48:48AM +0100, Andreas Metzler wrote:
> When acting as a server gnutls pulls that much data from /dev/urandom
> that entropy available for /dev/random is down to its minimum
> safeguard. ((it is not possible to completely deplete /dev/random by
> reading from /dev/urandom in current kernels)
>
> address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && gnutls-serv --x
> 509keyfile /tmp/CERT/exim.key --x509certfile /tmp/CERT/exim.crt & sleep 1 &&
> ca
> t /proc/sys/kernel/random/entropy_avail
> [1] 5356
> 3591
> Echo Server ready. Listening to port '5556'.
> 139
>
>
> address@hidden:~$ cat /proc/sys/kernel/random/entropy_avail && openssl s_serve
> r -cert /tmp/CERT/exim.crt -key /tmp/CERT/exim.key -accept 5556 & sleep 1 &&
> cat /proc/sys/kernel/random/entropy_avail
> [1] 7139
> 3596
> [...]
> 3361
Just FYI: I used strace on openssl s_server -nocert and gnutls-serv, and
I noticed the following:
"openssl s_server" reads 32 bytes from /dev/urandom
"gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!
It is no wonder that when strong random data is required later on, the
entropy pool is completely empty with gnutls-serv. For example, if I
just start "gnutls-serv -g", it will always block while trying to read
300 bytes from an empty /dev/random in order to generate temporary RSA
parameters.
I also noticed that on my machine, /proc/sys/kernel/random/entropy_avail
never exceeds 3600, so by reading 300 bytes, you're using 2/3 of a full
pool.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <address@hidden>
signature.asc
Description: Digital signature
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), (continued)
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Florian Weimer, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Andreas Metzler, 2008/01/30
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/31
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Ian Goldberg, 2008/01/04
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Marcus Brinkmann, 2008/01/09
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085),
Guus Sliepen <=
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/08
- Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Simon Josefsson, 2008/01/08
- Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/08
- Re: [patch] Uses too much entropy (Debian Bug #343085), Andreas Metzler, 2008/01/20
- Re: [patch] Uses too much entropy (Debian Bug #343085), Werner Koch, 2008/01/21
Re: Uses too much entropy (Debian Bug #343085), Matthias Urlichs, 2008/01/04