help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] Alternate random device for certtool

From: Daniel Kahn Gillmor
Subject: Re: [Help-gnutls] Alternate random device for certtool
Date: Thu, 27 Nov 2008 12:27:26 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) 
On Wed 2008-11-26 19:04:52 -0500, Teran McKinney wrote:

> I am using Gnutls 2.6.2, but have had no luck generating certificates
> with certtool. I found that it uses /dev/random instead of
> /dev/urandom

How are you determining that it uses /dev/random?

I'm using gnutls 2.6.2 from debian's experimental repository, and it
seems to be pulling from /dev/urandom unless i pass it the
--disable-quick-random flag.  It does apparently check to make sure
that /dev/random is readable, but it doesn't open the file unless it
needs to:

address@hidden:~$ time strace certtool -p --outfile /dev/null 2>&1 | grep random
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4

real    0m5.453s
user    0m5.284s
sys     0m0.020s
address@hidden:~$ time strace certtool -p --disable-quick-random --outfile 
/dev/null 2>&1 | grep random
execve("/usr/bin/certtool", ["certtool", "-p", "--disable-quick-random", 
"--outfile", "/dev/null"], [/* 15 vars */]) = 0
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4
write(2, "This might take several minutes d"..., 88This might take several 
minutes depending on availability of randomness in /dev/random.
open("/dev/random", O_RDONLY)           = 5

real    1m5.935s
user    0m4.668s
sys     0m0.036s
address@hidden:~$ dpkg -l gnutls-bin libgnutls26
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  gnutls-bin     2.6.2-1        the GNU TLS library - commandline utilities
ii  libgnutls26    2.6.2-1        the GNU TLS library - runtime library
address@hidden:~$ 

           --dkg

Attachment: pgpX5HFrGSqbi.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]