Bug#448775: Uses too much entropy (Debian Bug #343085)

Werner Koch wk at gnupg.org
Tue Jan 8 11:59:29 CET 2008


On Tue,  8 Jan 2008 11:03, simon at josefsson.org said:

> random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
>               outmix=3 getlvl1=3/136 getlvl2=0/0

- The random pool has been mixed 621 times.

- The slow random poll function has been called 3000 times to fill and
  update the random poll.  Under Linux each call reads 120 bytes from
  /dev/urandom.

- The fast random poll function has been called 117 times.  Under Linux
  this adds just a few bytes from timer ticks and resource statistics.

- There have been 3588 calls to the function adding random to the pool
  with a total of 370308 bytes added.

- The intermediate pool to extrac random has been moxed 3 times.

- The RNG has been asked 3 times to return a total of 136 bytes of
  random. 

Lets try with gpg using libgcrypt 1.4.1-svn1277:

  $ gpg2 --gen-random -a --debug 128 1 136
  random usage: poolsize=600 mixed=4 polls=0/2 added=17/812
                outmix=3 getlvl1=2/136 getlvl2=0/0

  $ rm ~/.gnupg/random_seed
  $ gpg2 --gen-random -a --debug 128 1 136
  random usage: poolsize=600 mixed=603 polls=3000/2 added=3012/360184
                outmix=3 getlvl1=2/136 getlvl2=0/0

This clearly shows that the missing random_seed is the culprit.  (The
117 fast polls in gnutls-cli are due to the use of other crypto
functions which issue calls to the fast polls.)

Anyway there 3000 calls to /dev/urandom are far too many for an initial
pool filling.  I need to check this.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.






More information about the Gnutls-devel mailing list