[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Re: gnutls 1.2.6 and Mozilla Firefox compatibility pro
From: |
Matthias Urlichs |
Subject: |
Re: [Help-gnutls] Re: gnutls 1.2.6 and Mozilla Firefox compatibility problem |
Date: |
Mon, 19 Sep 2005 13:24:57 +0200 |
User-agent: |
Mutt/1.5.9i |
Hi,
Nikos Mavrogiannopoulos:
> The kernel's random functions have not really been designed for being used
> in cryptographic libraries that require several levels of randomness --in a
> non blocking way. Also by using /dev/urandom (say for nonces) you also
> deplete the /dev/random pool. This is unacceptable. Thus the best way is to
> use some good PRNG sinstead of the kernel's.
>
There are other possibilities.
- The kernel has a hardware RNG.
- Teach /dev/urandom not to deplete the randomness pool beyond a certain
level, assuming it doesn't do that already.
- Add a /dev/uurandom interface to the kernel which bases its randomness on
/dev/random's internal state, but doesn't itself deplete the pool.
> > I think we should change the GnuTLS default to read from /dev/urandom
> > for pseudo-random data like TLS master secrets.
I agree.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | address@hidden
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
- -
:terminal illness: n. 1. Syn. {raster burn}. 2. The `burn-in' condition
your CRT tends to get if you don't have a screen saver.
signature.asc
Description: Digital signature