[gnutls-dev] Feature request: not really random session keys

Florian Weimer fw at deneb.enyo.de
Mon Jan 30 14:18:43 CET 2006


* Werner Koch:

> The same may happen with libgcrypt applications if several short
> living processes are running (Exim?).  I am not sure whether GnuTLS
> sets a random seed file at all.  Does it?

In case of Exim, it's regeneration of the RSA_EXPORT key.  It is not
serialized, either, so multiple Exim processes try to regenerate it
and consume increasing amounts of entropy.

> In the long term there will be no other way than to have a Libgcrypt
> specific daemon to maintain the entropy pool.

Why not fix /dev/random instead, and add the functionality which is
missing there?  With all the trouble with threading, forking, and so
on, it might make sense to put this into the kernel.



More information about the Gnutls-dev mailing list