[gnutls-dev] Re: Feature request: not really random session keys
jas at extundo.com
Mon Jan 30 17:51:01 CET 2006
Florian Weimer <fw at deneb.enyo.de> writes:
>> Some OSes don't have a /dev/random or worse a predictable one (some OS X).
>> Thus we need to do it on our own to be portable.
> Then you need a special daemon. However, I would like to avoid the
> additional administrative overhead on systems where the kernel can be
Moving this complexity away from applications (GnuTLS, GNU SASL,
Shishi, ...) seem like something very useful. Simply moving it to an
external daemon is good enough, improving /dev/random on Linux would
be an optimization.
Should we write a simple daemon 'grngd', based on libgcrypt, and start
to use it? That should be simple. It should likely register two
sockets, one suitable for short-term session keys and one for
long-term keys, matching /dev/urandom and /dev/random.
Is there any point for us to look at EGD?
I think I'll take up on this exercise soon.
More information about the Gnutls-devel