[gnutls-dev] Feature request: not really random session keys
Werner Koch
wk at gnupg.org
Mon Jan 30 15:21:34 CET 2006
On Mon, 30 Jan 2006 14:18:43 +0100, Florian Weimer said:
> Why not fix /dev/random instead, and add the functionality which is
> missing there? With all the trouble with threading, forking, and so
> on, it might make sense to put this into the kernel.
Sure. That was orginally Ted Tso's plan but he could not get a solid
RNG into the kernel because the kernel hackers required to amke
/dev/random optional and Ted's plan was to have a solid RNG in the
kernel as a standard service.
With all the changes to the RNG (or better the so-called entropy
sources) I still feel safer to add some extra processing to
/dev/random.
Some OSes don't have a /dev/random or worse a predictable one (some OS X).
Thus we need to do it on our own to be portable.
Salam-Shalom,
Werner
More information about the Gnutls-devel
mailing list