[gnutls-dev] Speed of random data generation
Werner Koch
wk at gnupg.org
Thu Jun 14 18:36:51 CEST 2007
On Wed, 13 Jun 2007 19:45, ametzler at downhill.at.eu.org said:
> OpenSSL also simply seems to pull less bytes from the device for doing
> the same thing. "certtool --generate-dh-params --bits 1024" almost
> completely depletes the entropy pool, (down from 3596 to 143 bytes[1]
> according to /proc/sys/kernel/random/entropy_avail, while the
That is indeed a lot. gnutls uses libgcrypt and libgcrypt requires that
its internal random pool gets filled with enough high quality random;
i.e. 600 bytes. That should be sufficient for creating a secret prime
but it depends on how it is implemented.
Salam-Shalom,
Werner