[gnutls-dev] Feature request: not really random session keys

Florian Weimer fw at deneb.enyo.de
Mon Jan 30 14:18:43 CET 2006


* Werner Koch:

> The same may happen with libgcrypt applications if several
> short-lived processes are running (Exim?).  I am not sure whether GnuTLS
> sets a random seed file at all.  Does it?

In case of Exim, it's regeneration of the RSA_EXPORT key.  It is not
serialized, either, so multiple Exim processes try to regenerate it
and consume increasing amounts of entropy.

> In the long term there will be no other way than to have a Libgcrypt
> specific daemon to maintain the entropy pool.

Why not fix /dev/random instead, and add the functionality which is
missing there?  With all the trouble with threading, forking, and so
on, it might make sense to put this into the kernel.



