How experimental is --enable-random-daemon?
Werner Koch
wk at gnupg.org
Tue Mar 11 17:01:03 CET 2008
On Mon, 10 Mar 2008 19:24, ametzler at downhill.at.eu.org said:
> alright. Would you outright recommend against using it in production
> environments?
I wrote it once but did not give it proper testing. In case it helps
with exim it should be better than nothing.
> - A pid file would be nice.
Noted.
> - Why isn't the daemon used by default if specified at compile time?
> Needing to patch every gcrypt using application (or at least
> libgnutls) to get best benefits seems to be suboptimal.
> gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)
It is not matured enough and it gives a new option to snoop on the
random numbers, namely the socket used for the connection. I would not
use it for key generation or other critical applications. For Exim use
it should be fine and you should enable this only within Exim.
However, I would prefer to see why the patch crashes Exim. I have not
yet looked at it, though.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.