[gnutls-devel] delaying the initialization of random generator

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Nov 2 08:56:09 CET 2016

On Tue, Nov 1, 2016 at 2:58 PM, Andy Lutomirski <luto at amacapital.net> wrote:
>> This has already been seen in VMs, on the cases linked by [0]. A
>> work-around that can be applied to gnutls is delaying the internal RNG
>> initialization to the first call of gnutls_rnd(). That will allow
>> applications which do not use the RNG immediately to load faster,
>> while on the other hand introduces some complexity and does not
>> address the problem when for example the system is in FIPS140-2 mode
>> which requires some on-library-load tests which need to call
>> gnutls_rnd(). -(here I'm also worried about future additions that may
>> require random numbers on library load and negate any fixes for that
>> issue).
> I say delay initialization for reasons that have nothing to do with
> blocking: when you initialize early, the kernel is telling you that your
> seed may be predictable.  So re-seeding later on is more secure.

That's a good argument, but kinda assumes non-deterministic systems. I
would have liked our computing systems to not try to emulate the real
world :)
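The lazy-initialization workaround described in the quoted text (seed on the first call of the RNG entry point rather than at library load, and allow a later re-seed) is easy to get subtly wrong, so here is an added sketch of the lifecycle. This is example code written for this page, not GnuTLS's implementation: `rnd_fill` stands in for `gnutls_rnd()`, the generator is xoshiro256** (a toy, not a CSPRNG), `/dev/urandom` is the assumed default seed source, and `constructed_seed_source`/`failing_seed_source` are constructed stand-ins used to exercise the once-only and failure paths.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pluggable seed source so the seeding path can be exercised without an OS RNG. */
typedef int (*seed_source_fn)(uint8_t *buf, size_t len);

/* Assumed default: read the seed from /dev/urandom. */
static int read_dev_urandom(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Constructed sources for demonstration only: fixed bytes, and a source that always fails. */
int constructed_seed_source(uint8_t *buf, size_t len) { memset(buf, 0x5a, len); return 0; }
int failing_seed_source(uint8_t *buf, size_t len) { (void)buf; (void)len; return -1; }

static seed_source_fn seed_source = read_dev_urandom;
static int rng_initialized = 0;   /* single-threaded demo; a library would guard this with pthread_once */
static int rng_usable = 0;        /* cleared whenever seeding fails, so callers never get unseeded output */
static int rng_init_count = 0;    /* how many times seeding has actually run (observable for checks) */
static uint64_t rng_state[4];

void rnd_set_seed_source(seed_source_fn fn) { seed_source = fn; }
int rnd_init_count(void) { return rng_init_count; }

/* Toy generator (xoshiro256**); only the seeding lifecycle matters for this example. */
static uint64_t rotl(uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }
static uint64_t next_u64(void) {
    uint64_t *s = rng_state;
    uint64_t result = rotl(s[1] * 5, 7) * 9;
    uint64_t t = s[1] << 17;
    s[2] ^= s[0]; s[3] ^= s[1]; s[1] ^= s[2]; s[0] ^= s[3];
    s[2] ^= t;
    s[3] = rotl(s[3], 45);
    return result;
}

/* Pull a fresh seed; on failure the generator is marked unusable rather than left stale. */
static int rng_seed(void) {
    uint8_t seed[32];
    rng_init_count++;
    if (seed_source(seed, sizeof seed) != 0) { rng_usable = 0; return -1; }
    memcpy(rng_state, seed, sizeof rng_state);
    rng_usable = 1;
    return 0;
}

/* Analogue of gnutls_rnd(): nothing is seeded at load time, only on the first call here. */
int rnd_fill(uint8_t *out, size_t len) {
    if (!rng_initialized) { rng_initialized = 1; rng_seed(); }
    if (!rng_usable) return -1;
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        if (i % 8 == 0) v = next_u64();
        out[i] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
    return 0;
}

/* Explicit re-seed, e.g. once the system has been up long enough for the kernel pool to mature. */
int rnd_reseed(void) {
    rng_initialized = 1;
    return rng_seed();
}

int main(void) {
    uint8_t buf[16];
    printf("seeded at load: %d\n", rnd_init_count());          /* 0: nothing ran yet */
    if (rnd_fill(buf, sizeof buf) != 0) { puts("seed source failed"); return 1; }
    for (size_t i = 0; i < sizeof buf; i++) printf("%02x", buf[i]);
    printf("\nseeded after first use: %d\n", rnd_init_count()); /* 1 */
    return 0;
}
```

The two properties worth checking in a real implementation are visible in the counters: the seed source must run exactly once across repeated calls (not once per call, and not zero times before first use), and a failed seed or re-seed must leave the generator refusing to emit output rather than silently continuing with old or zero state.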
