[gnutls-dev] Speed of random data generation

Alex Hudson home at alexhudson.com
Wed Jun 13 22:54:54 CEST 2007

Hey Andreas,

On Wed, 2007-06-13 at 19:45 +0200, Andreas Metzler wrote:
> OpenSSL usually is built to use /dev/urandom instead of /dev/random
> which does not block if you are out of entropy.

Ah, ok. Does GNUTLS _always_ use /dev/random, or does it depend on what
you're doing? And is that documented, do you know?

> OpenSSL also simply seems pulls less bytes from the device for doing
> the same thing. "certtool --generate-dh-params --bits 1024" almost
> completely depletes the entropy pool, (down from 3596 to 143 bytes[1]
> according to /proc/sys/kernel/random/entropy_avail, while the
> equivalen "openssl gendh 1024" only takes 237 bytes but takes a little
> bit more of raw computing power.

>From having looked around the web, people seem to talk about various
different solutions, like symlinking /dev/random to /dev/urandom (in
fact, one of our developers does this as well, because his machine
simply doesn't generate enough entropy and he can't do anything :)

I really don't want to be telling people to do that, but similarly,
waiting hours etc. is too much, especially since most people wanting to
use this software will likely want to use it on headless equipment. It
seems on modern Linux, the only randomness is going to come from disk
IO, and if the server has a lot of RAM it seems to be that the entropy
being generated could be basically zero.



More information about the Gnutls-devel mailing list