[gnutls-dev] Re: Feature request: not really random session keys
Simon Josefsson
jas at extundo.com
Wed Jan 18 15:01:16 CET 2006
Florian Weimer <fw at deneb.enyo.de> writes:
> The various DH implementations seem to end up calling
> gnutls_calc_dh_secret in lib/gnutls_dh.c:
>
> do {
>     _gnutls_mpi_randomize(x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
>     /* Check whether x is zero.
>      */
> } while( _gnutls_mpi_cmp_ui( x, 0)==0);
>
> _gnutls_mpi_randomize is actually gcry_mpi_randomize. If I read the
> libgcrypt source correctly GCRY_STRONG_RANDOM maps to level 2, and
> this means that a corresponding number of bits has to be read from
> /dev/random.
STRONG_RANDOM is 1:
typedef enum gcry_random_level
  {
    GCRY_WEAK_RANDOM = 0,
    GCRY_STRONG_RANDOM = 1,
    GCRY_VERY_STRONG_RANDOM = 2
  }
gcry_random_level_t;
I believe only >= 2 should ever block.
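As an added example (not code from GnuTLS, libgcrypt or either poster), the quoted do/while loop re-implemented in stand-alone C with a constructed byte source standing in for gcry_mpi_randomize, so the retry path and the number of entropy bytes pulled per secret can be observed; byte_source_fn, fake_source and secret_stats are assumptions of this example, not GnuTLS names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical byte source standing in for the entropy pull behind
 * gcry_mpi_randomize (a constructed stand-in so this runs offline). */
typedef void (*byte_source_fn)(void *ctx, unsigned char *buf, size_t n);
typedef struct {
    size_t bytes_drawn;   /* entropy bytes consumed in total */
    unsigned iterations;  /* how often the do/while body ran */
} dh_secret_stats;
/* Mirrors the quoted gnutls_calc_dh_secret loop: draw (x_size/8)*8 random
 * bits into out (big-endian) and retry only while every byte is zero.
 * Returns 0 on success, -1 if the width is zero or exceeds out_len. */
int gen_dh_secret(byte_source_fn src, void *ctx, unsigned x_size,
                  unsigned char *out, size_t out_len, dh_secret_stats *st)
{
    size_t nbytes = x_size / 8, i;   /* width rounded down to whole bytes */
    int all_zero;
    st->bytes_drawn = 0; st->iterations = 0;
    if (nbytes == 0 || nbytes > out_len) return -1; /* zero width never exits */
    do {
        src(ctx, out, nbytes);
        st->bytes_drawn += nbytes;
        st->iterations++;
        for (all_zero = 1, i = 0; i < nbytes && all_zero; i++)
            all_zero = (out[i] == 0);
    } while (all_zero);  /* the _gnutls_mpi_cmp_ui(x, 0) == 0 test */
    return 0;
}
/* Constructed source: all-zero output for the first zero_calls calls, then
 * an xorshift32 stream, so the retry path is reachable deterministically. */
typedef struct { unsigned zero_calls; uint32_t s; } fake_source;
static void fake_fill(void *ctx, unsigned char *buf, size_t n)
{
    fake_source *fs = ctx;
    if (fs->zero_calls > 0) { fs->zero_calls--; memset(buf, 0, n); return; }
    while (n-- > 0) {
        fs->s ^= fs->s << 13; fs->s ^= fs->s >> 17; fs->s ^= fs->s << 5;
        *buf++ = (unsigned char)fs->s;
    }
}
/* Run the loop for an x_size-bit secret; report iterations and bytes used. */
dh_secret_stats secret_stats(unsigned x_size, unsigned zero_calls)
{
    unsigned char buf[512];          /* room for an x of up to 4096 bits */
    fake_source fs = { zero_calls, 0x9E3779B9u };
    dh_secret_stats st;
    gen_dh_secret(fake_fill, &fs, x_size, buf, sizeof buf, &st);
    return st;
}
```

With a source that never returns all zeros the loop runs once and consumes exactly x_size/8 bytes, which is the per-secret cost that matters if the chosen random level ever blocks.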