[gnutls-dev] Re: ongoing entropy problems

Jason Lunz lunz at falooley.org
Tue Jan 31 21:30:44 CET 2006


wk at gnupg.org said:
> Please don't just send a link.  Not everyone has online access while
> processing mails.

Apologies. I see now that this thread:

> From: Florian Weimer <fw at deneb.enyo.de>
> Subject: Feature request: not really random session keys
> 
> Okay, the subject line might be a bit misleading.  On server machines,
> random bits are a very scarce ressource, and you cannot really afford
> to throw them a way at a rate of a few kbps.

is exactly what I was asking about.

For the record, the specific problem I was referring to is this:

> From: Sven Hartge <sven <at> svenhartge.de>
> Subject: Re: Downgrading or removing TLS due to lack of entropy
> 
> Um 15:43 Uhr am 19.01.06 schrieb Marc Haber:
> 
> > Additionally, the latest exim4 packages (starting with 4.60-3) allow
> > optionally build with openssl instead of GnuTLS. If you have the
> > possiblity to re-build exim4 locally, this may be an option. I would
> > also be interested in learning whether this actually works better
> > than GnuTLS.
> 
> I have been hit by the entropy problem as well, but it was really bad, 
> since only some encrypted mails caused a major DoS on my server, since the 
> entropie pool was depleted so fast (in fact, just _one_ mail was needed 
> for the pool to go from 3500 to about 120), the kernel was not able to 
> refill it fast enough.
> 
> After recompiling exim with OpenSSL, this problem went away.
> 
> So in my opinion, the is definitely something wrong with gnutls as it uses 
> _way_ to much entropie from the pool as compared to openssl.

What exacerbates the situation is that the default MTA for debian stable
is exim4, which easily experiences this entropy problem if TLS is
enabled. (It isn't, by default).

Maybe an example will illustrate just how bad the problem is: I run a
small mail server on an old AMD-K6 475MHz system. It runs only ssh,
smtp, and imaps, serving a total of TWO (2) email accounts. The smtp
server is exim4, using gnutls. The imaps server is dovecot, linked with
openssl. That small of a load was enough to cause unusable smtp STARTTLS
service as a result of blocked reads on /dev/random.

Jason





More information about the Gnutls-devel mailing list