[gnutls-dev] Feature request: not really random session keys

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Jan 18 14:43:41 CET 2006


On 1/18/06, Florian Weimer <fw at deneb.enyo.de> wrote:

> Yes, that's why I wrote "theoretical". 8-) I think it's completely
> acceptable to use a PRNG (instead of a real RNG) for those session
> keys.
> What I don't understand is that you say you are already using the PRNG
> source, and I find this hard to match with the source code and some
> reports from the trenches.

Hmmm, I cannot verify it right now, but everything up to STRONG_RANDOM
should have been using /dev/urandom. Only the VERY_STRONG_RANDOM
in libgcrypt should use /dev/random, but this is not used for normal
TLS sessions.
If this is not the case then it's probably a bug either in libgcrypt
or in gnutls.



More information about the Gnutls-dev mailing list