Bug#448775: Uses too much entropy (Debian Bug #343085)
Simon Josefsson
simon at josefsson.org
Fri Jan 4 13:20:17 CET 2008
Werner Koch <wk at gnupg.org> writes:
> On Fri, 4 Jan 2008 10:59, nmav at gnutls.org said:
>
>> This is mostly a question for libgcrypt developers, but I believe
>> libgcrypt initializes the PRNG in a more conservative way.
>
> Right, we even implement failsafe methods in case /dev/random does not
> work like expected. In fact we don't know whether /dev/random is a good
> RNG or not. There is no serious study on the quality of /dev/random and
> in the past we have seen major over-estimations on the available
> entropy.
Right, and there are studies that suggest the Linux /dev/random device
has flaws:
http://eprint.iacr.org/2006/086
Being conservative here is a good thing. However, that does not have to
be in conflict with working efficiently. Using a random seed file would
be one way to address both concerns.
/Simon
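The seed-file approach suggested above, as an added example that is not from this thread or from libgcrypt: a small hash-based PRNG in Python that persists a seed between runs, keys fresh OS entropy with it, and rewrites the file before handing out any output. The names (SeedFilePRNG, mix_seed, demo) and the HMAC-SHA256 construction are assumptions made here for illustration, not libgcrypt's design.

```python
import hashlib
import hmac
import os
import tempfile

SEED_LEN = 32  # bytes kept in the seed file between runs

def mix_seed(stored, fresh):
    # Key fresh OS entropy with the persisted seed: predicting the new
    # state requires both the old file and the new bytes.
    return hmac.new(stored, fresh, hashlib.sha256).digest()

class SeedFilePRNG:
    def __init__(self, path, entropy_fn=os.urandom):
        self.path, self.counter = path, 0
        stored = open(path, "rb").read() if os.path.exists(path) else b""
        # Without a seed file, draw twice as much from the (possibly blocking) OS pool.
        self.state = mix_seed(stored, entropy_fn(SEED_LEN if stored else 2 * SEED_LEN))
        # Rewrite the file before any output leaves: a crash before a final
        # save() must not make the next start reuse this seed.
        self.save()

    def _derive(self, label):
        self.counter += 1
        msg = label + self.counter.to_bytes(8, "big")
        return hmac.new(self.state, msg, hashlib.sha256).digest()

    def random_bytes(self, n):
        out = b""
        while len(out) < n:
            out += self._derive(b"output")
        return out[:n]

    def save(self):
        # Atomic replace, owner-only permissions, never caller-visible bytes.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(self._derive(b"seedfile"))
        os.replace(tmp, self.path)

def demo(entropy_fn=os.urandom):
    # Two consecutive "boots" sharing one seed file; returns what each saw.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "random_seed")
        first = SeedFilePRNG(path, entropy_fn)
        seed1, out1 = open(path, "rb").read(), first.random_bytes(48)
        second = SeedFilePRNG(path, entropy_fn)
        seed2, out2 = open(path, "rb").read(), second.random_bytes(48)
    return out1, out2, seed1, seed2
```

Because the seed is keyed with fresh entropy on every start, a copied seed file alone does not let anyone reproduce the stream, and the file is refreshed before first use so two starts never replay the same seed.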