[gnutls-dev] Re: Feature request: not really random session keys

Simon Josefsson jas at extundo.com
Mon Jan 30 16:30:25 CET 2006


Florian Weimer <fw at deneb.enyo.de> writes:

> I tracked this down to the generation of the RSA_EXPORT key.  In this
> case, bits from /dev/random are used, even though the generated key is
> horribly insecure anyway.
>
> Wouldn't it make sense to use only STRONG_RANDOM in this case, and not
> VERY_STRONG_RANDOM?

Perhaps.  But doesn't this happen for non-RSA_EXPORT keys too?  We
wouldn't want to make that change there.  It seems better to fix Exim
here.


