[gnutls-dev] Feature request: not really random session keys
Florian Weimer
fw at deneb.enyo.de
Wed Jan 18 14:39:28 CET 2006
* Nikos Mavrogiannopoulos:
>> I would like to see an additional API which allows code to degrade
>> session key randomness to a mere PRNG (i.e. /dev/urandom instead of
>> /dev/random). In a theoretical sense, this sacrifices Perfect Forward
>> Secrecy
>
> This is not really true. Only if you consider the /dev/urandom algorithms
> and the libgcrypt PRNG broken.
Yes, that's why I wrote "theoretical". 8-) I think it's completely
acceptable to use a PRNG (instead of a real RNG) for those session
keys.
What I don't understand is that you say you are already using the PRNG
source, and I find this hard to match with the source code and some
reports from the trenches.