[Help-gnutls] Alternate random device for certtool
Werner Koch
wk at gnupg.org
Thu Dec 4 22:00:46 CET 2008
On Thu, 4 Dec 2008 19:52, nmav at gnutls.org said:
>> gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
> Why is this? As far as I understand the only difference was that it uses
> /dev/urandom instead of /dev/random.
Because this has always been the case. QUICK_RANDOM was and is just a
testing hack.
>> @item transient-key
> Is this stronger than using /dev/urandom?
It is not a matter of being stronger but of being a feature.
transient-key is supposed to be used for one-off keys and other keys
which are not that valuable. In general it is always better to use the
defaults for generating a key; see only the recent BSD problems with
their RNG. This would not have been the case with a blocking one.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.