[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel

Simon Josefsson jas at extundo.com
Thu Jul 6 16:42:30 CEST 2006


Jeremiah Foster <jeremiah.foster at theclickstore.se> writes:

> I think there is a cron shell script fix provided on the debian exim web
> site

It should probably be packaged, it seems to be the proper solution.

Also, exim probably shouldn't use the file if it is stale, i.e. if it
is too old.  The parameters should be rebuilt once a day or so.

> and I have heard that /dev/urandom is somewhat more secure on
> linux than /dev/random, but that the security and efficiency issues
> are as you say, that is problematic.

/dev/random blocks when no more entropy is available, /dev/urandom
doesn't block.  The data is the same if the entropy pool is not empty,
if the entropy pool is empty, the /dev/urandom data will be less good.
However, it seems both devices aren't state-of-the-art (P)RNG's, so
the output shouldn't be trusted too much; libgcrypt does additional
mixing, which is sadly probably necessary.

/Simon





More information about the Gnutls-help mailing list