[gnutls-dev] Re: Feature request: not really random session keys

Werner Koch wk at gnupg.org
Tue Jan 31 10:17:08 CET 2006


On Mon, 30 Jan 2006 17:44:41 +0100, Florian Weimer said:

> After a reboot, there is a lot of disk activity, and according to the
> current estimates, this creates a lot of entropy.  So it's not a real

I have seen reports that this is really predictable and allows for
real world attacks.

>> It may be wise for systems to save the /dev/random pool on shutdown
>> and restore it on startup.

> Is this really a good idea?  I mean, exposing the pool state like
> this?

All systems I know are doing just this (e.g. /etc/init.d/urandom).
This mitigates the problem described above.



Shalom-Salam,

   Werner





More information about the Gnutls-devel mailing list