[gnutls-dev] Feature request: not really random session keys

Werner Koch wk at gnupg.org
Thu Jan 19 10:05:05 CET 2006

On Wed, 18 Jan 2006 14:43:41 +0100, Nikos Mavrogiannopoulos said:

> Hmmm, I cannot verify it right now, but everything up to STRONG_RANDOM
> should have been using /dev/urandom. Only the VERY_STRONG_RANDOM
> in libgcrypt should use /dev/random, but this is not used for normal

We have a similar problem in gpg: Saving libgcrypt's random seed to a
file is not protected by a file locking.  So when several gpg
processes run it may happen that one sees an empty seed file and now
starts to fill it up again - this time from /dev/random!  The
solution is to lock the seed file.

The same may happen with libgcrypt applications if several short
living processes are running (Exim?).  I am not sure whether GnuTLS
sets a random seed file at all.  Does it?

The quick solution would be to use fcntl locks which are available on
all modern OSes.

In the long term there will be no other way than to have a Libgcrypt
specific daemon to maintain the entropy pool.  I already wrote about
the problems we are facing with such a solution
(<873bjx8n4f.fsf at wheatstone.g10code.de>).
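An added illustration of the fcntl-lock fix proposed in this message (not code from gpg, libgcrypt or GnuTLS): the check for an empty seed file and the refill run under one write lock, so a second process waits instead of regenerating its own seed. The seed path and the deterministic `demo_fill` routine are constructed stand-ins; a real caller would pass the RNG's own filler.

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Blocking fcntl record lock over the whole file (l_start 0, l_len 0 = to EOF).
   Advisory only: every process that touches the seed file must take it. */
static int lock_whole_file(int fd, short type)
{
    struct flock fl;
    memset(&fl, 0, sizeof fl);
    fl.l_type = type;          /* F_WRLCK for writers, F_RDLCK for readers */
    fl.l_whence = SEEK_SET;
    return fcntl(fd, F_SETLKW, &fl);
}

/* Read len seed bytes from path; if the file is absent or short, fill() fresh
   bytes and write them out. Check and refill happen under one write lock, so a
   concurrent process blocks instead of seeing an empty file and regenerating.
   Returns 0 if an existing seed was read, 1 if one was created, -1 on error. */
int load_or_create_seed(const char *path, unsigned char *seed, size_t len,
                        void (*fill)(unsigned char *, size_t))
{
    struct stat st;
    int rc = -1, fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0) return -1;
    if (lock_whole_file(fd, F_WRLCK) == 0 && fstat(fd, &st) == 0) {
        if ((size_t)st.st_size >= len) {
            rc = read(fd, seed, len) == (ssize_t)len ? 0 : -1;
        } else {
            fill(seed, len);
            if (ftruncate(fd, 0) == 0 && write(fd, seed, len) == (ssize_t)len)
                rc = 1;
        }
    }
    close(fd);   /* closing any fd for this file releases the process's lock */
    return rc;
}

/* Constructed stand-in for the entropy source, deterministic only for the demo. */
static void demo_fill(unsigned char *b, size_t n) { while (n--) b[n] = (unsigned char)(n * 7 + 1); }
/* First call creates the seed, second reads the same bytes back; returns 1 on success. */
int demo_seed_roundtrip(const char *path)
{
    unsigned char a[32], b[32];
    unlink(path);
    return load_or_create_seed(path, a, 32, demo_fill) == 1
        && load_or_create_seed(path, b, 32, demo_fill) == 0
        && memcmp(a, b, 32) == 0;
}
```

Note that fcntl locks belong to the process, not the descriptor: closing any descriptor for the seed file drops the lock, so the file must stay open for the whole read-or-refill step, as above.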


