Extremely Slow Ed25519 Key Generation (Entropy Source?)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Sep 30 21:55:16 CEST 2017

On Thu 2017-09-28 14:26:26 +0200, Werner Koch wrote:
> Put this into /etc/gcrypt/random.conf
> # Only use /dev/urandom
> only-urandom
> --8<---------------cut here---------------end--------------->8---
> That is in general okay because on modern kernels we anyway use the
> getrandom call and thus we are eben safe at boot time.

If we're using getrandom() with the appropriate semantics, shouldn't
this be the default?  As random(4) says:

       The  /dev/random  interface  is  considered  a  legacy  interface,  and
       /dev/urandom is preferred and sufficient in all  use  cases,  with  the
       exception  of  applications  which require randomness during early boot
       time; for  these  applications,  getrandom(2)  must  be  used  instead,
       because it will block until the entropy pool is initialized.

What is the right default here?


More information about the Gcrypt-devel mailing list