[Help-gnutls] Alternate random device for certtool

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 4 19:52:33 CET 2008


Werner Koch wrote:
> On Sat, 29 Nov 2008 09:21, nmav at gnutls.org said:
> 
>> I upgraded to gcrypt 1.4.4 and I notice the same delay, and strace shows
>> that /dev/random is being used even with this flag.
> 
> What you do in certtool is to call 
> 
>   if (info.quick_random != 0)
>     gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
[...]
> you see the flag can't be set in this case.  What you need to do is
> to set this flag during initialization: That is after a first call to
> gcry_check_version.  This is how it is done by the libgcrypt regression
> tests.
> Anyway, using this flag is strongly discouraged.  It is only useful for
> testing.  gpg for example refuses to use a key if the random number
> generator is in this mode and the User ID of the key is not flagged as
> insecure.  That is a bit paranoid but older versions of libgcrypt did
> not even use a strong RNG in the quick mode.

Why is this? As far as I understand, the only difference was that it uses
/dev/urandom instead of /dev/random.

> If you want to use not so strong keys, you better use the transient-key
> feature available since 1.4.2:
> 
>   @item transient-key
>   This is only meaningful for RSA keys.  This is a flag with no value.  If
>   given, the RSA key is created using a faster and a somewhat less secure
>   random number generator.  This flag may be used for keys which are only
>   used for a short time and do not require full cryptographic strength.

Is this stronger than using /dev/urandom?


regards,
Nikos
