Uses too much entropy (Debian Bug #343085)

Simon Josefsson simon at josefsson.org
Fri Jan 4 18:24:46 CET 2008


Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> On 2008-01-04 Simon Josefsson <simon at josefsson.org> wrote:
> [...]
>>   2) To make exim link to and call libgcrypt's functions to read and
>>      update a random seed file instead?
> [...]
>> For simplicity and non-experimentalness, I would recommend 2).  I can
>> assist in implementing this in exim, if that would help.  We'd
>> definitely need a good example of how to do this in the gnutls manual
>> anyway.
> [...]
>
> Well, the basic patch for testing seems to be this one, basically
> identical to the skeleton you described. I gets down entropy-usage
> for a single STARTTLS to <300 bits from > 3000. 

Nice.  How much does a similar server consume using openssl?  Do openssl
used by exim use a seed file?

/Simon



More information about the Gcrypt-devel mailing list