Uses too much entropy (Debian Bug #343085)

Marc Haber mh+gnutls-devel at zugschlus.de
Fri Jan 4 21:18:36 CET 2008


On Fri, Jan 04, 2008 at 08:40:44PM +0100, Simon Josefsson wrote:
> Interesting, 235/8=29.375 bytes.  The minimum randomness needed per TLS
> session would be 28 bytes for client hello random_bytes plus 46 bytes
> for the PreMasterSecret (if RSA is used for key exchange).  If openssl
> is using /dev/urandom, I think it is overly optimistic about the quality
> of that data.

I suspect that it only uses data from /dev/u?random to seed its own
PRNG.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



More information about the Gcrypt-devel mailing list