[gnutls-dev] Re: Feature request: not really random session keys
Werner Koch
wk at gnupg.org
Tue Jan 31 10:17:08 CET 2006
On Mon, 30 Jan 2006 17:44:41 +0100, Florian Weimer said:
> After a reboot, there is a lot of disk activity, and according to the
> current estimates, this creates a lot of entropy. So it's not a real
I have seen reports that this is really predictable and allows for
real world attacks.
>> It may be wise for systems to save the /dev/random pool on shutdown
>> and restore it on startup.
> Is this really a good idea? I mean, exposing the pool state like
> this?
All systems I know are doing just this (e.g. /etc/init.d/urandom).
This mitigates the problem described above.
Shalom-Salam,
Werner
More information about the Gnutls-dev
mailing list