[gnutls-dev] Speed of random data generation

Alex Hudson home at alexhudson.com
Wed Jun 13 18:07:12 CEST 2007

Hi everyone.

I'm a developer on a project called Bongo
(http://www.bongo-project.org/), which uses GNUTLS to implement SSL/TLS
encryption on various connections. 

Bongo is actually composed of a variety of daemons (we call them agents,
but..), and part of the setup process is to create the various
encryption data these agents need to use GNUTLS, e.g:

      * we save a random seed;
      * we create Diffie-Hellman parameters using
        gnutls_dh_params_{init|generate2}, and save that to a file;
      * we create RSA parameters using a similar process;
      * we create a public/private keyset for the various server

Now, the problem we have is that during setup, it can take a long time
to create all that data. The problem seems to be entirely entropy
starvation - and is particularly bad on headless server-type equipment.
One user had to wait over a day for the process to finish, for most it's
nothing like that slow, but can easily take a half hour.

I have a couple of questions:

      * Does it sound like we're doing something wrong? Originally, we
        didn't create much of this data at install time, but did it at
        runtime - and that was terribly, terribly bad, like some kind of
        entropy vampire. So, we know this is a big improvement - it's
        just still really bad, specifically on headless hardware.
      * Are there any improvements we can make? E.g., is there some way
        of deriving the data in a different order or something, so that
        it's not using so much entropy? I know we can ask people to
        install hardware RNG drivers and rngd or something, but that's
        again hardware-dependent.

Our project did use OpenSSL at one stage, and that seemed to work fine.
But, I'm wary of meddling in things I don't understand - and the choice
of strength of random data is not really something I feel I grasp well.
However, I would be happy to look into e.g., creating DH/RSA params from
a PRNG or something if that is advisable?

Many thanks,

Alex Hudson.

More information about the Gnutls-devel mailing list