Bug#448775: Uses too much entropy (Debian Bug #343085)

Guus Sliepen guus at debian.org
Sat Jan 5 14:17:25 CET 2008


On Fri, Jan 04, 2008 at 10:48:48AM +0100, Andreas Metzler wrote:

> When acting as a server gnutls pulls that much data from /dev/urandom
> that entropy available for /dev/random is down to its minimum
> safeguard. ((it is not possible to completely deplete /dev/random by
> reading from /dev/urandom in current kernels)
> 
> ametzler at argenau:~$ cat /proc/sys/kernel/random/entropy_avail && gnutls-serv --x
> 509keyfile /tmp/CERT/exim.key --x509certfile /tmp/CERT/exim.crt & sleep 1 &&  ca
> t /proc/sys/kernel/random/entropy_avail
> [1] 5356
> 3591
> Echo Server ready. Listening to port '5556'.
> 139
> 
> 
> ametzler at argenau:~$ cat /proc/sys/kernel/random/entropy_avail && openssl s_serve
> r -cert /tmp/CERT/exim.crt -key /tmp/CERT/exim.key -accept 5556 & sleep 1 &&  cat /proc/sys/kernel/random/entropy_avail
> [1] 7139
> 3596
> [...]
> 3361

Just FYI: I used strace on openssl s_server -nocert and gnutls-serv, and
I noticed the following:

"openssl s_server" reads 32 bytes from /dev/urandom

"gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!

It is no wonder that when strong random data is required later on, the
entropy pool is completely empty with gnutls-serv. For example, if I
just start "gnutls-serv -g", it will always block while trying to read
300 bytes from an empty /dev/random in order to generate temporary RSA
parameters.

I also noticed that on my machine, /proc/sys/kernel/random/entropy_avail
never exceeds 3600, so by reading 300 bytes, you're using 2/3 of a full
pool.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </pipermail/attachments/20080105/eb587d4e/attachment.pgp>


More information about the Gnutls-devel mailing list