[gnutls-dev] Feature request: not really random session keys

Florian Weimer fw at deneb.enyo.de
Mon Jan 30 15:14:22 CET 2006


* Nikos Mavrogiannopoulos:

> On 1/30/06, Florian Weimer <fw at deneb.enyo.de> wrote:
>
>> > The same may happen with libgcrypt applications if several short
>> > living processes are running (Exim?).  I am not sure whether GnuTLS
>> > sets a random seed file at all.  Does it?
>> In case of Exim, it's regeneration of the RSA_EXPORT key.  It is not
>> serialized, either, so multiple Exim processes try to regenerate it
>> and consume increasing amounts of entropy.
>
> As far as I remember it was saving it to a file to eliminate the need
> for regeneration every time. Isn't this the case any more?

It does, but when it's not there (or outdated, apparently), every
delivery process which needs it tries to regenerate it in parallel.
If you have a busy mail server, this is quite noticeable.  (It doesn't
matter if you only process a few thousand messages per day.)



More information about the Gnutls-dev mailing list