Bug#448775: Uses too much entropy (Debian Bug #343085)

Florian Weimer fweimer at bfk.de
Thu Mar 13 09:32:17 CET 2008


* Andreas Metzler:

> we still seem have not been able to find a really working solution,
> this patch <http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/patches/65_saverandomseed.dpatch?op=file&rev=0&sc=0>
> causes crashes in exim.

IIRC, I have already posted this, but perhaps my wording was a bit
unclear.

I don't think the seed file approach works for a forking daemon like
Exim because you cannot guaranteed an undisturbed read/modify/write
cycle on the seed file.  Locking is out of the question, too, because
it would bring the mail system to a standstill.  And it's arguably not
a good idea to reuse the same seed file in different forked children.

You need a separate daemon, or trust the kernel and read fewer bytes
from /dev/urandom.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99



More information about the Gcrypt-devel mailing list