[Help-gnutls] Alternate random device for certtool

[Nikos Mavrogiannopoulos]

Werner Koch wrote:

>>>     gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
> 
>> Why is this? As far as I understand the only difference was that it uses
>> /dev/urandom instead of /dev/random.
> 
> Because this has always been the case.  QUICK_RANDOM was and is just a
> testing hack.

I don't understand. The issue for certtool that was reported was that it
was blocking in /dev/random and taking a lot of time to produce any
output. This was the reason I've put QUICK_RANDOM there.

>>>   @item transient-key
> 
>> Is this stronger than using /dev/urandom?
> 
> It is not a matter of being stronger but of being a feature.
> transient-key is suposed to be used for one-off keys and other keys
> which are not that valuable. 


> In general it is always better to use the
> defaults for generating a key; see onl the recent BSD problems with
> their RNG.  This would not have been the case with a blocking one.

I don't think so. Block for indefinite time (can be even hours) does not
offer anything unless you can wait. If you want to generate keys and you
don't care if this will be today or tomorrow it's ok. In all other cases
you will not use this rng, it is broken by design[0].


regards,
Nikos

[0]. Also being blocking does not protect from being a bad algorithm. As
far as I know there are known issues to the blocking linux rng (were
discussed some years ago in gnutls-dev) and they still cannot gather any
entropy from network devices because its state can be compromised!