[gnutls-dev] Feature request: not really random session keys

Florian Weimer fw at deneb.enyo.de
Mon Jan 30 15:34:50 CET 2006


I tracked this down to the generation of the RSA_EXPORT key.  In this
case, bits from /dev/random are used, even though the generated key is
horribly insecure anyway.

Wouldn't it make sense to use only STRONG_RANDOM in this case, and not
VERY_STRONG_RANDOM?

(I have a distinct déjà vu feeling about the whole matter.  Odd.)


