[gnutls-dev] Re: Feature request: not really random session keys

Simon Josefsson jas at extundo.com
Wed Jan 18 15:01:16 CET 2006


Florian Weimer <fw at deneb.enyo.de> writes:

> The various DH implementations seem to end up calling
> gnutls_calc_dh_secret in lib/gnutls_dh.c:
>
>   do {
>       _gnutls_mpi_randomize(x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
>       /* Check whether x is zero.
>        */
>   } while( _gnutls_mpi_cmp_ui( x, 0)==0);
>
> _gnutls_mpi_randomize is actually gcry_mpi_randomize.  If I read the
> libgcrypt source correctly GCRY_STRONG_RANDOM maps to level 2, and
> this means that a corresponding number of bits has to be read from
> /dev/random.

STRONG_RANDOM is 1:

typedef enum gcry_random_level
  {
    GCRY_WEAK_RANDOM = 0,
    GCRY_STRONG_RANDOM = 1,
    GCRY_VERY_STRONG_RANDOM = 2
  }

I believe only >= 2 should ever block.



More information about the Gnutls-dev mailing list