[gnutls-dev] Feature request: not really random session keys

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Jan 18 14:19:59 CET 2006


On 1/18/06, Florian Weimer <fw at deneb.enyo.de> wrote:

> > Well, gnutls shouldn't use /dev/random on normal server use. For
> > example if you use only TLS /dev/random shouldn't be accessed. Only
> > if you generate private keys (or RSA parameters) /dev/random will be
> > used.
> TLS needs session keys, and they seem to use cryptographically strong
> random numbers.

Indeed and /dev/urandom is adequate for this kind of keys. Only
for long-lived keys such as the private keys /dev/random is used.



More information about the Gnutls-dev mailing list