[patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)

Simon Josefsson simon at josefsson.org
Tue Jan 8 17:16:02 CET 2008


Werner Koch <wk at gnupg.org> writes:

> On Tue,  8 Jan 2008 11:59, wk at gnupg.org said:
>
>> Anyway there 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon



More information about the Gcrypt-devel mailing list