[gnutls-dev] Speed of random data generation
    Werner Koch 
    wk at gnupg.org
       
    Thu Jun 14 18:36:51 CEST 2007
    
    
  
On Wed, 13 Jun 2007 19:45, ametzler at downhill.at.eu.org said:
> OpenSSL also simply seems pulls less bytes from the device for doing
> the same thing. "certtool --generate-dh-params --bits 1024" almost
> completely depletes the entropy pool, (down from 3596 to 143 bytes[1]
> according to /proc/sys/kernel/random/entropy_avail, while the
That is indeed a lot.  gnutls uses libgcrypt and luibcgrypt rquires that
its internal random pool gets filled with enough high quality random;
i.e. 600 bytes.  That should be sufficient for creating a secret prime
but it depends on how it is implemented.  
Salam-Shalom,
   Werner
    
    
More information about the Gnutls-devel
mailing list