Hi, Nikos Mavrogiannopoulos:

> The kernel's random functions have not really been designed for being used
> in cryptographic libraries that require several levels of randomness --in a
> non blocking way. Also by using /dev/urandom (say for nonces) you also
> deplete the /dev/random pool. This is unacceptable. Thus the best way is to
> use some good PRNG instead of the kernel's.
>
There are other possibilities.

- The kernel has a hardware RNG.
- Teach /dev/urandom not to deplete the randomness pool beyond a certain
  level, assuming it doesn't do that already.
- Add a /dev/uurandom interface to the kernel which bases its randomness on
  /dev/random's internal state, but doesn't itself deplete the pool.

> > I think we should change the GnuTLS default to read from /dev/urandom
> > for pseudo-random data like TLS master secrets.
I agree.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
:terminal illness: n. 1. Syn. {raster burn}. 2. The `burn-in' condition
your CRT tends to get if you don't have a screen saver.
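As an added example (not code from the GnuTLS project or from anyone in this thread), the following is the kind of "good PRNG instead of the kernel's" that the quoted message argues for: a ChaCha20-based generator that reads 44 bytes from /dev/urandom exactly once and afterwards hands out nonces and other pseudo-random data without touching the kernel again, so the kernel pool is only read at seed time. The names (`drbg_t`, `drbg_seed`, `drbg_generate`), the 64 KiB per-key output bound and the fast-key-erasure rekeying are this example's own design choices, and it assumes a POSIX system where /dev/urandom is readable.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d)                                 \
    do {                                               \
        a += b; d ^= a; d = ROTL32(d, 16);             \
        c += d; b ^= c; b = ROTL32(b, 12);             \
        a += b; d ^= a; d = ROTL32(d, 8);              \
        c += d; b ^= c; b = ROTL32(b, 7);              \
    } while (0)

static uint32_t load32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void store32_le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* One 64-byte ChaCha20 keystream block (RFC 7539, section 2.3). */
void chacha20_block(const uint8_t key[32], uint32_t counter,
                    const uint8_t nonce[12], uint8_t out[64])
{
    static const uint8_t sigma[16] = "expand 32-byte k";
    uint32_t in[16], x[16];
    int i;

    for (i = 0; i < 4; i++) in[i] = load32_le(sigma + 4 * i);
    for (i = 0; i < 8; i++) in[4 + i] = load32_le(key + 4 * i);
    in[12] = counter;
    for (i = 0; i < 3; i++) in[13 + i] = load32_le(nonce + 4 * i);
    memcpy(x, in, sizeof x);
    for (i = 0; i < 10; i++) {          /* 20 rounds = 10 double rounds */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (i = 0; i < 16; i++) store32_le(out + 4 * i, x[i] + in[i]);
}

/* Hypothetical userspace DRBG state (example's own type, not GnuTLS's). */
typedef struct {
    uint8_t key[32];
    uint8_t nonce[12];
    uint32_t counter;       /* blocks generated under the current key */
} drbg_t;

/* Seed from 44 caller-supplied bytes (key || nonce); deterministic. */
void drbg_seed_from(drbg_t *g, const uint8_t seed[44])
{
    memcpy(g->key, seed, 32);
    memcpy(g->nonce, seed + 32, 12);
    g->counter = 0;
}

/* The only place the kernel is read: 44 bytes, once. Returns 0 on success. */
int drbg_seed(drbg_t *g)
{
    uint8_t seed[44];
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < sizeof seed) {
        ssize_t n = read(fd, seed + got, sizeof seed - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    drbg_seed_from(g, seed);
    memset(seed, 0, sizeof seed);
    return 0;
}

/* Fast key erasure: the next keystream block becomes the new key, so the
 * state can no longer be run backwards to recover bytes already handed out. */
static void drbg_rekey(drbg_t *g)
{
    uint8_t block[64];
    chacha20_block(g->key, g->counter, g->nonce, block);
    memcpy(g->key, block, 32);
    memset(block, 0, sizeof block);
    g->counter = 0;
}

/* Fill buf with len bytes without touching the kernel again. */
void drbg_generate(drbg_t *g, uint8_t *buf, size_t len)
{
    uint8_t block[64];
    while (len > 0) {
        size_t n = len < 64 ? len : 64;
        chacha20_block(g->key, g->counter++, g->nonce, block);
        memcpy(buf, block, n);
        buf += n; len -= n;
        if (g->counter == 1024) drbg_rekey(g);  /* at most 64 KiB per key */
    }
    drbg_rekey(g);                              /* erase key after each call */
    memset(block, 0, sizeof block);
}

int main(void)
{
    drbg_t g;
    uint8_t nonce[16];
    size_t i;
    if (drbg_seed(&g) != 0) { perror("/dev/urandom"); return 1; }
    drbg_generate(&g, nonce, sizeof nonce);     /* e.g. a TLS nonce */
    for (i = 0; i < sizeof nonce; i++) printf("%02x", nonce[i]);
    printf("\n");
    return 0;
}
```

`chacha20_block` can be checked against the block-function test vector in RFC 7539 section 2.3.2 (key 00..1f, counter 1, nonce 00000009:0000004a:00000000 gives output starting 10 f1 e7 e4). Two caveats a generator like this needs in practice: a process that forks must reseed in the child, otherwise parent and child emit the same stream, and the state must never be copied or checkpointed, since a restored copy replays old output.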
_______________________________________________
Help-gnutls mailing list
http://lists.gnu.org/mailman/listinfo/help-gnutls
