[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnutls-dev] Re: ongoing entropy problems
|
From: |
Simon Josefsson |
|
Subject: |
[gnutls-dev] Re: ongoing entropy problems |
|
Date: |
Wed, 01 Feb 2006 13:05:34 +0100 |
|
User-agent: |
Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux) |
Werner Koch <address@hidden> writes:
> On Tue, 31 Jan 2006 19:30:29 +0100, Andreas Metzler said:
>
>> For bug #2 /dev/urandom is used, therefore there is no blocking in
>
> Who is using /dev/urandom: Exim proper or gnutls/libgcrypt?
>
>> exim, just the fact that anything using /dev/random will block, as
>> there is no entropy left.
>
> For my understanding, will someone be so kind to answer these
> questions:
>
> 1. Does gnutls use GCRY_VERY_STRONG_RANDOM?
Yes, in gc_random() which is used by RAND_bytes in
libextra/gnutls_openssl.c. Otherwise, no, as far as I can see.
Is exim using the OpenSSL compatibility interface? Does it invoke
RAND_bytes?
GnuTLS calls gnutls_mpi_randomize in a few places, but only with
GCRY_STRONG_RANDOM.
> 2. Does gnutls save the random seed file?
> gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, filename);
> atexit:
> gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
No. Should it? What should we use as the filename?
> 3. Does the problem only occur for inetd invoked exims?
I don't know.
Thanks.