[patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)

Simon Josefsson simon at josefsson.org
Tue Jan 8 17:16:02 CET 2008


Werner Koch <wk at gnupg.org> writes:

> On Tue,  8 Jan 2008 11:59, wk at gnupg.org said:
>
>> Anyway there 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon
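
Added example (not part of the original message, and not libgcrypt code): a small Python parser for the "random usage:" statistics dump quoted above, reproducing the before/after estimate. The 120 bytes per poll figure is the one used in the message; the function names are hypothetical, and the first number of `polls=` is read as the poll count because that is how the message uses it.

```python
import re

# Constructed from the two statistics dumps quoted in the message above.
AFTER_PATCH = """random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0"""
BEFORE_PATCH = """random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0"""

BYTES_PER_POLL = 120  # assumption: per-poll read size taken from the message

_MARKER = "random usage:"
_FIELD = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_random_usage(text):
    """Parse one 'random usage:' record, which is wrapped over two lines."""
    start = text.find(_MARKER)
    if start < 0:
        raise ValueError("no 'random usage:' record found")
    body = text[start + len(_MARKER):]
    nxt = body.find(_MARKER)          # stop before a following record, if any
    if nxt >= 0:
        body = body[:nxt]
    stats = {}
    for name, first, second in _FIELD.findall(body):
        # "a/b" fields become tuples, plain fields become ints
        stats[name] = (int(first), int(second)) if second else int(first)
    if not isinstance(stats.get("polls"), tuple):
        raise ValueError("record has no polls=a/b field")
    return stats


def estimated_poll_bytes(stats):
    """Poll count times the per-poll read size, as estimated in the message."""
    return stats["polls"][0] * BYTES_PER_POLL


def compare(before_text, after_text):
    """Summarise how two dumps differ and the estimated bytes read by polls."""
    before = parse_random_usage(before_text)
    after = parse_random_usage(after_text)
    b, a = estimated_poll_bytes(before), estimated_poll_bytes(after)
    return {
        "before_bytes": b,
        "after_bytes": a,
        "reduction_factor": b / a if a else float("inf"),
        "changed_fields": sorted(k for k in before if before[k] != after.get(k)),
    }


if __name__ == "__main__":
    print(compare(BEFORE_PATCH, AFTER_PATCH))
```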

More information about the Gnutls-devel mailing list