gnutls-devel

Re: DH prime generation taking a long time


From: Simon Josefsson
Subject: Re: DH prime generation taking a long time
Date: Fri, 15 Oct 2010 11:11:43 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> On Thu, Oct 14, 2010 at 10:34 PM, Simon Josefsson <address@hidden> wrote:
>
>>> The nettle code shouldn't have caused multiple reads to /dev/*random. It
>>> reads 32 bytes on initialization from /dev/urandom and will read some
>>> more after few hours. Which test causes this delay?
>> Newly committed self-test tests/gendh.c triggers it too.  Running strace
>> on it reveals it is calling time() a lot, which suggests it is spending
>> time in nettle/rnd.c.  This is with GnuTLS built with Nettle as backend.
>
> But do these calls actually cause a/the delay or the prime generation?

Nope, false alarm.  It is GMP operations that are taking time because of

#define PRIME_CHECK_PARAM 18
...
      ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);

Perhaps 18 is too excessive a number.  Are there established
recommendations on what number of repetitions is considered sufficient
for crypto purposes?  Maybe there should be...

/Simon
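
An added example, not part of the original message and not GnuTLS or GMP code: a textbook Miller-Rabin test with a configurable number of rounds, showing what the repetition count discussed above costs and buys. It assumes random bases and the standard worst-case bound of 4^-t for t rounds; the function names and sample numbers are constructed for illustration.

```python
import random

# Constructed sample inputs: a Mersenne prime and a product of two Mersenne primes.
PRIME = 2**127 - 1
COMPOSITE = (2**61 - 1) * (2**89 - 1)

def miller_rabin(n, rounds, rng):
    """Return (probably_prime, modexps): verdict and number of a^d mod n computed."""
    if n < 4:
        return n in (2, 3), 0
    if n % 2 == 0:
        return False, 0
    # Write n - 1 = d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    modexps = 0
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)      # random base in [2, n-2]
        x = pow(a, d, n)
        modexps += 1
        if x in (1, n - 1):
            continue                     # base a does not expose n
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False, modexps        # a is a witness: n is composite
    return True, modexps

def worst_case_error_bits(rounds):
    """A composite survives t rounds with probability <= 4^-t = 2^-(2t)."""
    return 2 * rounds

def rounds_for_error_bits(bits):
    """Smallest t whose worst-case bound is at most 2^-bits."""
    return -(-bits // 2)                 # ceil(bits / 2)

if __name__ == "__main__":
    rng = random.Random(2010)            # fixed seed so the run is reproducible
    for reps in (5, 18):
        ok, cost = miller_rabin(PRIME, reps, rng)
        print(f"prime, reps={reps}: ok={ok} modexps={cost} "
              f"bound=2^-{worst_case_error_bits(reps)}")
    print("composite, reps=18:", miller_rabin(COMPOSITE, 18, rng))
```

A prime candidate always pays for every round, while a composite is normally rejected by the first base that turns out to be a witness.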


