[gnutls-dev] Re: Gnutls4Win: gnutls_global_init takes > 10 seconds
Werner Koch
wk at gnupg.org
Sun Nov 5 15:59:30 CET 2006
On Fri, 3 Nov 2006 18:26, Tim Kosse said:
> Is that much data neccessary to seed the prng?
Yes. You mind what to track Peter Gutmann's changes to cryptlib to
check what he changed over time. We might be able to merges some
chnages. Hoever this needs to be done with great care.
>> Using the MS API is not an option - you don't know what they are
>> doing. Better be safe and try what we can do.
>
> Not even in addition to the other methods?
No. It increases complexity.
If you don't want a seed file, you have to live with it. Your goal is
not to leave any traces but you consider to use the MS Crypto API?
How do you know that there are no traces left then? The random seed
file is not that sensitive. It is of course good not to reveal it -
but it is not more a problem than to use a proprietary API.
Shalom-Salam,
Werner
More information about the Gnutls-dev
mailing list