[gnutls-dev] Feature request: not really random session keys
Florian Weimer
fw at deneb.enyo.de
Wed Jan 18 10:44:17 CET 2006
Okay, the subject line might be a bit misleading. On server machines,
random bits are a very scarce ressource, and you cannot really afford
to throw them a way at a rate of a few kbps. Yet if you run certain
network servers (or clients) with GNUTLS, this is what happens -- and
these servers stall from time to time, waiting for more randomness.
I would like to see an additional API which allows code to degrade
session key randomness to a mere PRNG (i.e. /dev/urandom instead of
/dev/random). In a theoretical sense, this sacrifices Perfect Forward
Secrecy, but for some applications (MTAs, for example) this is not
such a relevant issue anyway.
More information about the Gnutls-dev
mailing list