How experimental is --enable-random-daemon?

Werner Koch wk at
Tue Mar 11 17:01:03 CET 2008

On Mon, 10 Mar 2008 19:24, ametzler at said:

> alright. Would you outright recommed against using it in production
> environments?

I wrote it once but did not gave it proper testing.  In case it helps
with exim it should be better than nothing.

> - A pid file would be nice.


> - Why isn't the daemon used by default if specified at compile time?
>   Needing to patch every gcrypt using application (or at least
>   libgnutls) to get best benefits seems to be suboptimal.
>   gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)

It is not matured enough and it gives a new option to snoop on the
random numbers, namely the socket used for the connection.  I would not
use it for key generation or other critical appications.  For Exim use
it should be fine and you should enable this only within Exim.

However, I would prefer to see why the patch crashes Exim.  I have not
yet looked at it, though.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gcrypt-devel mailing list