Uses too much entropy (Debian Bug #343085)

Marc Haber mh+gnutls-devel at
Thu Jan 3 01:32:14 CET 2008


Simon Josefsson has suggested to me (a member of the maintainer team
for Exim's packages for the Debian Operating System) that it might be
a good idea to move a technical debate from our blogs
to gnutls-devel as this list is a better medium for archived discussion.

I'll send a dedicated mail for each of Debian's bug reports, so that
the threads are not going to intermix.

Debian Bug #343085,

This is an example bug for the entropy issue which seems to be the
most pressing issue with Exim4 and GnuTLS at the moment. Let me give
you a little background: Exim4's documentation used to recommend
deleting the dh-parameter file needed for some crypto operations on a
regular basis. The cron job used to remove the file, and exim then
proceeded to re-built the file on the next TLS operation. This
generation reads from /dev/random, blocks if no entropy is available,
which leads to entropy starvation and an interrupted e-mail service.

We have reacted to this issue by removing the RSAEXPORT algorithms,
eliminating the need for the blocking operation. However, this issue
has left our user base in some kind of sensitiveness when exim4's TLS
operations goof in the presence of low entropy. Currently, our
research has shown that using exim4 as a TLS server will not block,
but keep the system's entropy at a very low level during even only
moderately busy operation. As a result of this issue, GnuTLS bugs and were filed.

The entropy issue is also mentioned in


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

More information about the Gnutls-devel mailing list