gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-dev] Feature request: not really random session keys


From: Florian Weimer
Subject: Re: [gnutls-dev] Feature request: not really random session keys
Date: Mon, 30 Jan 2006 14:18:43 +0100

* Werner Koch:

> The same may happen with libgcrypt applications if several short
> living processes are running (Exim?).  I am not sure whether GnuTLS
> sets a random seed file at all.  Does it?

In case of Exim, it's regeneration of the RSA_EXPORT key.  It is not
serialized, either, so multiple Exim processes try to regenerate it
and consume increasing amounts of entropy.

> In the long term there will be no other way than to have a Libgcrypt
> specific daemon to maintain the entropy pool.

Why not fix /dev/random instead, and add the functionality which is
missing there?  With all the trouble with threading, forking, and so
on, it might make sense to put this into the kernel.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]