Bug#448775: Uses too much entropy (Debian Bug #343085)
Florian Weimer
fweimer at bfk.de
Thu Mar 13 09:32:17 CET 2008
* Andreas Metzler:

> we still seem not to have been able to find a really working solution,
> this patch <http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/patches/65_saverandomseed.dpatch?op=file&rev=0&sc=0>
> causes crashes in exim.

IIRC, I have already posted this, but perhaps my wording was a bit
unclear.

I don't think the seed file approach works for a forking daemon like
Exim because you cannot guarantee an undisturbed read/modify/write
cycle on the seed file. Locking is out of the question, too, because
it would bring the mail system to a standstill. And it's arguably not
a good idea to reuse the same seed file in different forked children.

You need a separate daemon, or trust the kernel and read fewer bytes
from /dev/urandom.

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
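
An added illustration of the message's point about forked children reusing one seed, and of the fallback of reading a few bytes from /dev/urandom; it is not part of the original message and is not Exim or libgcrypt code. It assumes a toy xorshift64 pool with a constructed seed value in place of libgcrypt's generator, and the names `pool`, `next_output`, `mix_kernel_bytes` and `children_share_stream` are hypothetical.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy pool standing in for seed-file state (constructed value); not cryptographic. */
static uint64_t pool = 0x9E3779B97F4A7C15ULL;
static uint64_t next_output(void) {
    pool ^= pool << 13; pool ^= pool >> 7; pool ^= pool << 17;
    return pool;
}

/* Mix 8 bytes from the kernel into the pool; returns 0 on success. */
static int mix_kernel_bytes(void) {
    uint64_t fresh = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &fresh, sizeof fresh);
    close(fd);
    if (n != (ssize_t)sizeof fresh) return -1;
    pool = (pool ^ fresh) | 1;   /* | 1 keeps xorshift off the all-zero state */
    return 0;
}

/* Fork two children from one parent state; 1 = same output, 0 = different, -1 = error. */
int children_share_stream(int reseed_after_fork) {
    uint64_t out[2] = {0, 0};
    for (int i = 0; i < 2; i++) {
        int p[2];
        pid_t pid = pipe(p) == 0 ? fork() : -1;
        if (pid < 0) return -1;
        if (pid == 0) {   /* child: inherits the parent's pool unchanged */
            if (reseed_after_fork && mix_kernel_bytes() != 0) _exit(1);
            uint64_t v = next_output();
            _exit(write(p[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
        }
        close(p[1]);
        ssize_t n = read(p[0], &out[i], sizeof out[i]);
        close(p[0]);
        waitpid(pid, NULL, 0);
        if (n != (ssize_t)sizeof out[i]) return -1;
    }
    return out[0] == out[1];
}
int main(void) {
    printf("seed only: %d, kernel mix: %d\n", children_share_stream(0), children_share_stream(1));
    return 0;
}
```

Children that rely only on the inherited seed state emit the same first value; mixing in a few kernel bytes after the fork makes their streams diverge without any shared file or lock.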
More information about the Gcrypt-devel
mailing list