Bug#448775: Uses too much entropy (Debian Bug #343085)
Guus Sliepen
guus at debian.org
Sat Jan 5 14:17:25 CET 2008
On Fri, Jan 04, 2008 at 10:48:48AM +0100, Andreas Metzler wrote:
> When acting as a server gnutls pulls that much data from /dev/urandom
> that entropy available for /dev/random is down to its minimum
> safeguard. ((it is not possible to completely deplete /dev/random by
> reading from /dev/urandom in current kernels)
>
> ametzler at argenau:~$ cat /proc/sys/kernel/random/entropy_avail && gnutls-serv --x
> 509keyfile /tmp/CERT/exim.key --x509certfile /tmp/CERT/exim.crt & sleep 1 && ca
> t /proc/sys/kernel/random/entropy_avail
> [1] 5356
> 3591
> Echo Server ready. Listening to port '5556'.
> 139
>
>
> ametzler at argenau:~$ cat /proc/sys/kernel/random/entropy_avail && openssl s_serve
> r -cert /tmp/CERT/exim.crt -key /tmp/CERT/exim.key -accept 5556 & sleep 1 && cat /proc/sys/kernel/random/entropy_avail
> [1] 7139
> 3596
> [...]
> 3361
Just FYI: I used strace on openssl s_server -nocert and gnutls-serv, and
I noticed the following:
"openssl s_server" reads 32 bytes from /dev/urandom
"gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!
It is no wonder that when strong random data is required later on, the
entropy pool is completely empty with gnutls-serv. For example, if I
just start "gnutls-serv -g", it will always block while trying to read
300 bytes from an empty /dev/random in order to generate temporary RSA
parameters.
I also noticed that on my machine, /proc/sys/kernel/random/entropy_avail
never exceeds 3600, so by reading 300 bytes, you're using 2/3 of a full
pool.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </pipermail/attachments/20080105/eb587d4e/attachment.pgp>
More information about the Gnutls-devel
mailing list