devel <[EMAIL PROTECTED]> writes:

> Well,
> The problem is that without a time limit a "machine operator"
> cannot know if there is a "hardware problem". For example, my machine
> waits about >30 seconds for 1024 bits of random data; my machine has no
> hardware RNG (Athlon64 X2) and runs a program slower than a Pentium III with
> the hw_rng module (<1 second).
> On heavy load of gathering entropy, a machine operator cannot know that
> the program is waiting for RNG data. The program, the machine, and the
> server could be slow because the machine cannot collect true random data.
>
> I think that the function that collects entropy should exit, with an error code,
> if a throughput of bytes/s cannot be collected. That is my opinion.

If the time-limit is 30s, you then wouldn't be able to generate a private key on your athlon64, while waiting longer would make that possible. Deciding on the time-limit is difficult. On smaller machines, generating the required entropy can take many minutes.

A process indicator might be useful, and if someone wants to work on adding one -- just read one byte of randomness at a time and display some progress to the user after each byte has been read -- I'd like to integrate it.

However, when you talk about 'server', what do you mean? Generating RSA/DSA private keys or DH parameters can block, but a GnuTLS server should never (if I understand how we are using libgcrypt correctly). If you are having a GnuTLS server block on randomness, please give more details -- that shouldn't happen.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
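
One way to write the byte-at-a-time progress loop suggested in the reply, combined with the give-up-with-an-error-code behaviour asked for in the quoted message. This is an added example, not GnuTLS or libgcrypt code; the function names, return codes, the per-byte stall limit and the use of `/dev/random` as the source are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

enum { GATHER_OK = 0, GATHER_ERROR = -1, GATHER_STALLED = -2 };

typedef void (*progress_fn)(size_t done, size_t total);

/* Read `total` bytes from a possibly blocking source, one byte at a time.
 * stall_ms < 0 waits forever; otherwise give up with GATHER_STALLED when no
 * byte arrives within stall_ms. *done always holds the bytes collected. */
int gather_entropy(int fd, unsigned char *buf, size_t total,
                   int stall_ms, progress_fn progress, size_t *done)
{
    *done = 0;
    while (*done < total) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, stall_ms);
        if (r == 0) return GATHER_STALLED;   /* too slow: report, don't hang */
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) return GATHER_ERROR;
        ssize_t n = read(fd, buf + *done, 1);
        if (n < 0 && (errno == EINTR || errno == EAGAIN)) continue;
        if (n <= 0) return GATHER_ERROR;     /* EOF or hard read error */
        (*done)++;
        if (progress) progress(*done, total);
    }
    return GATHER_OK;
}

static void show_progress(size_t done, size_t total)
{
    fprintf(stderr, "\rgathering entropy: %zu/%zu bytes", done, total);
}

int main(void)
{
    unsigned char key_seed[128];             /* 1024 bits, as in the thread */
    size_t done;
    int fd = open("/dev/random", O_RDONLY);  /* assumed entropy source */
    if (fd < 0) { perror("open"); return 1; }
    int rc = gather_entropy(fd, key_seed, sizeof key_seed, 30000, show_progress, &done);
    fprintf(stderr, "\nrc=%d after %zu bytes\n", rc, done);
    close(fd);
    return rc == GATHER_OK ? 0 : 1;
}
```

Passing a negative `stall_ms` keeps the wait-as-long-as-it-takes behaviour while still showing progress, so the operator can tell a slow entropy source from a hung program.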
