Uses too much entropy (Debian Bug #343085)

Simon Josefsson simon at josefsson.org
Fri Jan 4 15:39:20 CET 2008


Werner Koch <wk at gnupg.org> writes:

> On Fri,  4 Jan 2008 13:35, simon at josefsson.org said:
>
>> I think the daemon is there to help libgcrypt maintain randomness state
>> between invocations of applications that use randomness from libgcrypt.
>
> Right.  And it is still flagged as experimental because it lacks any
> fair distribution of random to requesting clients.

You mean the problem where one client requests a lot of randomness,
which would hurt the randomness received by other clients?

Maybe we could simply punt on that problem.  The /dev/*random devices
have the same problem, doesn't it?

What practical problem would there be in documentation that states 'Make
sure you don't run clients that requests too much entropy from the
daemon'?

Another solution, how about to refuse to give out entropy to processes
not listed in a world-readable but root-writable file
/etc/libgcryptd.conf file?

/Simon



More information about the Gcrypt-devel mailing list