Bug#448775: Uses too much entropy (Debian Bug #343085)

Simon Josefsson simon at josefsson.org
Fri Jan 4 13:20:17 CET 2008


Werner Koch <wk at gnupg.org> writes:

> On Fri,  4 Jan 2008 10:59, nmav at gnutls.org said:
>
>> This is mostly a question for libgcrypt developers, but I believe
>> libgcrypt initializes the PRNG in a more conservative way.
>
> Right, we even implement failsafe methods in case /dev/random does not
> work like expected.  In fact we don't know ehther /dev/random is a good
> RNG or not.  There is no serious study on the quality of /dev/random and
> in the past we have seen major over-estimations on the available
> entropy.

Right, and there are studies that suggests the Linux /dev/random device
have flaws:

http://eprint.iacr.org/2006/086

Being conservative here is a good thing.  However, that does not have to
be in conflict with working efficiently.  Using a random seed file would
be one way to address both concerns.

/Simon





More information about the Gnutls-devel mailing list