[gnutls-devel] gnutls_rnd_level_t clarification

Max msuraev at sysmocom.de
Fri Jan 6 12:05:31 CET 2017


Hi.

Could you help me to clarify the meaning of gnutls_rnd_level_t? There's a
brief description available over at
https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-rnd-level-t 
but as it's a sensitive topic (misunderstanding might have detrimental 
consequences for security) I'd rather double-check that my understanding 
is correct.

GNUTLS_RND_KEY is the "best quality random" from a cryptography point of
view while GNUTLS_RND_NONCE is the worst.

Am I correct in this? Are there any downsides to always using
GNUTLS_RND_KEY aside from the risk of depleting the OS entropy pool (which
would be reported by gnutls_rnd() anyway)?

-- 
Max Suraev <msuraev at sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte



