Re: [Help-gnutls] Alternate random device for certtool
From: Daniel Kahn Gillmor
Subject: Re: [Help-gnutls] Alternate random device for certtool
Date: Thu, 27 Nov 2008 12:27:26 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
On Wed 2008-11-26 19:04:52 -0500, Teran McKinney wrote:
> I am using Gnutls 2.6.2, but have had no luck generating certificates
> with certtool. I found that it uses /dev/random instead of
> /dev/urandom
How are you determining that it uses /dev/random?
I'm using gnutls 2.6.2 from Debian's experimental repository, and it
seems to be pulling from /dev/urandom unless I pass it the
--disable-quick-random flag. It does apparently check to make sure
that /dev/random is readable, but it doesn't open the file unless it
needs to:
address@hidden:~$ time strace certtool -p --outfile /dev/null 2>&1 | grep random
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
real 0m5.453s
user 0m5.284s
sys 0m0.020s
address@hidden:~$ time strace certtool -p --disable-quick-random --outfile /dev/null 2>&1 | grep random
execve("/usr/bin/certtool", ["certtool", "-p", "--disable-quick-random", "--outfile", "/dev/null"], [/* 15 vars */]) = 0
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
write(2, "This might take several minutes d"..., 88This might take several minutes depending on availability of randomness in /dev/random.
open("/dev/random", O_RDONLY) = 5
real 1m5.935s
user 0m4.668s
sys 0m0.036s
address@hidden:~$ dpkg -l gnutls-bin libgnutls26
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  gnutls-bin     2.6.2-1        the GNU TLS library - commandline utilities
ii  libgnutls26    2.6.2-1        the GNU TLS library - runtime library
address@hidden:~$
--dkg
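
Added example, not part of the original message: the message separates an access() readability check from an actual open() of the device, and this script makes the same distinction mechanically and also totals the bytes read from each device. It assumes plain strace output without -f or timestamp prefixes; the function names, the read() lines and the byte counts in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads strace output on stdin and reports, for each random
# device, whether it was only probed with access() or actually opened, and
# how many bytes were read from it. Assumes plain strace output (no -f/-t).
random_device_usage() {
    awk '
    # Return the syscall result that follows ") = " at the end of a line.
    function rc(s) { sub(/^.*\) = /, "", s); return s + 0 }
    # access() only tests readability; no entropy is consumed.
    /^access\("\/dev\/u?random"/ { split($0, q, "\""); probed[q[2]] = 1; next }
    # open()/openat(): remember which fd refers to which device.
    /^open(at)?\(.*"\/dev\/u?random"/ {
        split($0, q, "\""); fd = rc($0)
        if (fd >= 0) { path[fd] = q[2]; opened[q[2]] = 1 }
        next
    }
    # read(): credit the returned byte count to the device behind the fd.
    /^read\(/ {
        fd = $0; sub(/^read\(/, "", fd); sub(/,.*/, "", fd); n = rc($0)
        if ((fd in path) && n > 0) bytes[path[fd]] += n
        next
    }
    # close(): the fd number may be reused for an unrelated file.
    /^close\(/ { fd = $0; sub(/^close\(/, "", fd); sub(/\).*/, "", fd); delete path[fd] }
    END {
        k = split("/dev/random /dev/urandom", dev, " ")
        for (i = 1; i <= k; i++) {
            d = dev[i]
            state = (d in opened) ? "opened" : ((d in probed) ? "probed-only" : "untouched")
            printf "%s %s %d\n", d, state, bytes[d] + 0
        }
    }'
}

# Constructed sample trace modelled on the --disable-quick-random run above;
# the read() lines and byte counts are made up for illustration.
sample_trace() {
    cat <<'EOF'
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
read(4, "\31\242"..., 20) = 20
open("/dev/random", O_RDONLY) = 5
read(5, "\7\301"..., 120) = 8
read(5, "\7\301"..., 112) = 112
read(4, "\31\242"..., 64) = 64
EOF
}

sample_trace | random_device_usage
```

On a real run, feed it the full trace (for example the file written by strace -o) rather than the output of grep random, since the read() lines do not contain the device name.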