Uses too much entropy (Debian Bug #343085)
Simon Josefsson
simon at josefsson.org
Fri Jan 4 13:35:26 CET 2008

Matthias Urlichs <smurf at smurf.noris.de> writes:
> Hi,
>
> Nikos Mavrogiannopoulos:
>> I don't understand these comments. The libgcrypt's generator can be
>> used in a separate process. It doesn't mean it gathers any entropy
>> except for using /dev/urandom as usual.
>>
> Ah, thanks for the correction.
>
> In that case, if it's "as usual", why run the daemon in the first place?

I think the daemon is there to help libgcrypt maintain randomness state
between invocations of applications that use randomness from libgcrypt.
Libgcrypt talks with it. But I haven't used the feature either (it is
experimental) so I don't know for sure. Cc'ing libgcrypt-devel for
corrections.

> To clarify: I don't have an issue with gnutls eating randomness from the
> pool. The randomness is there to be eaten.
>
> However, reading 3000+ bits every time a server (or client) starts up
> does seem a bit excessive. I seriously doubt that it needs that many.

The 3000+ bits part doesn't seem excessive to me, but I think the
problem is that it is required each time a server or client starts up.
Saving a random seed file would help with this. Or using the libgcrypt
daemon, if it works as I think it does.

/Simon