[gnutls-devel] gnutls_rnd_level_t clarification

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jan 6 17:00:26 CET 2017

On Fri, Jan 6, 2017 at 12:05 PM, Max <msuraev at sysmocom.de> wrote:
> Hi.
> Could you help me to clarify the meaning of gnutls_rnd_level_t? There's
> brief description available over at
> https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-rnd-level-t
> but as it's a sensitive topic (misunderstanding might have detrimental
> consequences for security) I'd rather double-check that my understanding is
> correct.
> GNUTLS_RND_KEY is the "best quality random" from cryptography point of view
> while GNUTLS_RND_NONCE is worst.

Yes. In practice GNUTLS_RND_KEY is a generator based on Yarrow, while
GNUTLS_RND_NONCE is a fast stream cipher (salsa20 if I remember well).

> Am I correct in this? Are there any downsides to always using GNUTLS_RND_KEY
> aside from the risk of depleting OS entropy pool (which
> would be reported by gnutls_rnd() anyway)?

None of them deplete the Linux entropy pool. The nonce generator is
much faster than the key one.


More information about the Gnutls-devel mailing list