http://bugs.exim.org/show_bug.cgi?id=654

           Summary: [GnuTLS] [patch] Use a random seed file to limit entropy usage
           Product: Exim
           Version: 4.68
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: TLS
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [email protected]

Created an attachment (id=220)
 --> (http://bugs.exim.org/attachment.cgi?id=220)
Initial patch for saving a gcrypt random seed file in spooldir/random_seed

Exim linked against GnuTLS is very resource intensive with respect to entropy; a single TLS connection will pull > 3000 bits from /dev/urandom just to initialize Gcrypt's RNG.

Gcrypt upstream has suggested saving a seed file.
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2476

The discussion starts on gnutls-devel in
http://news.gmane.org/find-root.php?message_id=%3c20080103003214.GB14155%40torres.zugschlus.de%3e

Following Simon Josefsson's skeleton patch I have come up with the attached version. It works for me and gets entropy usage down from >3000 to <300 bits.

Please check the patch and, if acceptable, apply it. Thanks.

Exim's build system already seems to be smart enough to automatically link against gcrypt, too.
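An added example, not taken from the attached patch or from Exim's code: a seed file kept under the spool directory holds RNG pool state, so a caller can check its type, owner, mode and size before passing the path to the crypto library. The function names, the status enum and the 600-byte sample size are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum seed_status { SEED_OK, SEED_MISSING, SEED_UNSAFE_TYPE, SEED_BAD_OWNER,
                   SEED_BAD_MODE, SEED_BAD_SIZE };

/* Vet a persisted RNG seed file before its path is given to the crypto
 * library. owner and want_size are caller-supplied (hypothetical parameters). */
enum seed_status check_seed_file(const char *path, uid_t owner, off_t want_size)
{
    struct stat sb;
    enum seed_status rc = SEED_OK;
    /* O_NOFOLLOW refuses a symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return errno == ENOENT ? SEED_MISSING : SEED_UNSAFE_TYPE;
    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode))
        rc = SEED_UNSAFE_TYPE;
    else if (sb.st_uid != owner)
        rc = SEED_BAD_OWNER;
    else if (sb.st_mode & (S_IRWXG | S_IRWXO)) /* group/other access to RNG state */
        rc = SEED_BAD_MODE;
    else if (sb.st_size != want_size)
        rc = SEED_BAD_SIZE;
    close(fd);
    return rc;
}

/* Demo helper: make a zero-filled sample file (constructed data, not a real seed). */
int make_sample_file(char *tmpl, off_t size, mode_t mode)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (ftruncate(fd, size) != 0 || fchmod(fd, mode) != 0) { close(fd); return -1; }
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/random_seed.XXXXXX"; /* constructed demo path */
    if (make_sample_file(path, 600, 0600) != 0) return 1;
    printf("status=%d\n", check_seed_file(path, geteuid(), 600));
    return unlink(path);
}
```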
