gnutls-devel

Re: [gnutls-dev] Speed of random data generation


From: Werner Koch
Subject: Re: [gnutls-dev] Speed of random data generation
Date: Thu, 14 Jun 2007 18:50:43 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7)

On Wed, 13 Jun 2007 22:54, address@hidden said:

> different solutions, like symlinking /dev/random to /dev/urandom (in
> fact, one of our developers does this as well, because his machine
> simply doesn't generate enough entropy and he can't do anything :)

Libgcrypt tries to be as safe as possible and thus it is slow by
default.  Having a random seed file definitely helps but when creating
key material using a random level of GCRY_VERY_STRONG_RANDOM it requires
that half the pool is updated with /dev/random bytes.

For an embedded platform it might make sense to build libgcrypt with the
names of the random devices both set to /dev/urandom.  It depends on
your application.

Libgcrypt has a feature which might be helpful:

        gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

This is used early at program startup to degrade the required random for
key generation down to the standard level.  We use this only for the
regression tests but it is an official feature.

Libgcrypt 1.3 yields better performance in the prime number generation
by saving unused prime candidates[1].  This should also have a positive
effect on the amount of random required.


Shalom-Salam,

   Werner


[1] In Libgcrypt primes are composed from smaller primes and these
smaller primes are saved for later use.




