Bug#448775: Uses too much entropy (Debian Bug #343085)
nmav at gnutls.org
Fri Jan 4 10:59:58 CET 2008
On Jan 4, 2008 11:48 AM, Andreas Metzler <ametzler at downhill.at.eu.org> wrote:
> >> have to disagree with this being a kernel bug. man 4 random on
> >> Linux documents how /dev/urandom behaves, and is supposed to
> >> behave. "Some bytes" looks more like "a few hundred bytes", and
> >> Exim does not exhaust /dev/urandom as badly when OpenSSL is used.
> The amount of data read from /dev/urandom in Gnutls/Gcrypt is on a
> different scale than in openssl:
> So with a forking daemon (therefore initialising the RNG for every in-
> and outgoing connection) GnuTLS will deplete entropy_avail to its
> bare minimum vor every single connection, while openssl only takes
> about 7%.
> What is the actual cause of this difference in resource usage?
This is mostly a question for libgcrypt developers, but I believe
libgcrypt initializes the PRNG in a more conservative way.
More information about the Gnutls-devel