[Help-gnutls] Why delay generating second and other keys?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Oct 26 23:15:32 CEST 2005


On Wednesday 26 October 2005 22:51, Fran wrote:

> > I suppose you are talking about certtool. This is a good thing. The first key
> > depletes entropy from /dev/random. The second key the same. The system
> > needs some time to gather entropy.
> I see the /dev/random code and it seems that it extracts data from the mouse,
> keyboard, interrupts, etc.
> If the mouse and keyboard do not affect the PC, the random number is
> gathered very slowly (very slowly).
> This is a problem of enclosure (deterministic system, low precision),
> and should only be solved with a special device (hardware) with precision
> that sees the chaos of the real world (more degrees of freedom).
> Nothing to be done.

If you generate the keys in one process then the libgcrypt random generator 
will optimize things a bit, since fewer reads from /dev/random will be 
required.

> Another question:
> Libcrypt uses exit() in functions.
This looks like a bug in libgcrypt.
I will forward this to the libgcrypt list.


-- 
Nikos Mavrogiannopoulos
