[gnutls-dev] Re: living without global variables

Simon Josefsson jas at extundo.com
Mon Jan 9 14:42:24 CET 2006


bryanh at giraffe-data.com (Bryan Henderson) writes:

> I don't really know much about encryption, but don't some OS kernels have
> device drivers that provide a computer-wide entropy pool?

Yes, if you build GnuTLS with crypto from gnulib, it will read
randomness from /dev/*random.  There are at least two problems with
that approach:

1) /dev/*random doesn't provide good randomness on several platforms.

2) Reading a lot from /dev/*random might deplete the system randomness
   pool.

/Simon



