[gnutls-dev] Feature request: not really random session keys

Werner Koch wk at gnupg.org
Mon Jan 30 15:21:34 CET 2006


On Mon, 30 Jan 2006 14:18:43 +0100, Florian Weimer said:

> Why not fix /dev/random instead, and add the functionality which is
> missing there?  With all the trouble with threading, forking, and so
> on, it might make sense to put this into the kernel.

Sure.  That was orginally Ted Tso's plan but he could not get a solid
RNG into the kernel because the kernel hackers required to amke
/dev/random optional and Ted's plan was to have a solid RNG in the
kernel as a standard service.

With all the changes to the RNG (or better the so-called entropy
sources) I still feel safer to add some extra processing to
/dev/random.

Some OSes don't have a /dev/random or worse a predictable one (some OS X).
Thus we need to do it on our own to be portable.


Salam-Shalom,

   Werner






More information about the Gnutls-dev mailing list