[gnutls-dev] Re: ongoing entropy problems

[Andreas Metzler]

On 2006-01-31 Simon Josefsson <jas at extundo.com> wrote:
> Jason Lunz <lunz at falooley.org> writes:
> > Are the gnutls developers aware of the ongoing entropy-pool-draining
> > problems with gnutls in exim4? For example:

> > http://article.gmane.org/gmane.linux.debian.devel.exim4.user/477

> > Is this a known problem? Can something be done about it?

> We are working on it, please see the other current threads on the
> mailing list.

> I believe we have identified the problem, and proposed a solution, so
> a exim developer could probably implement it.  Any exim developers
> following this?

Hello,
As far as I gather from reading http://bugs.debian.org/343085 and the
thread "Feature request: not really random session keys" on gnutls-dev
there are two problems.

#1: Online, blocking generation of RSA-params and DH-params in exim.
This is already fixed for quite some time in exim (thanks Nikos
Mavrogiannopoulos), it switched to using a certtool-compatible
fileformat for these parameters and certtool can be used for
generating them offline.

#2: Florian Weimer wrote in http://bugs.debian.org/343085
| As a side note: With GNU TLS, every _single_ encrypted mail
| transmission _totally_ depletes my entropy pool (going from ~3500 to
| ~150), but after recompiling Exim4 with OpenSSL, only about 200 bits
| (the number is difficult to measure, but it is way less than with GNU
| TLS) are used.

For bug #2 /dev/urandom is used, therefore there is no blocking in
exim, just the fact that anything using /dev/random will block, as
there is no entropy left.

The issue Jason is refereing to is #2, which is not fixed /yet/ but
known.
         cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde