[Pkg-gnutls-maint] Bug#448775: libgnutls13: uses _WAY_ too much entropy
Marc Haber
mh+debian-bugs at zugschlus.de
Wed Dec 5 13:14:57 UTC 2007
forwarded #448775 https://savannah.gnu.org/support/index.php?106112
thanks
On Wed, Oct 31, 2007 at 09:53:30PM +0100, Marc Haber wrote:
> When using
>
> swaks --to mh@<hostname> --tls --server <servername>
>
> with <servername> being a Debian sid box running exim4, this drops the
> server's entropy pool from from 3585 to 149 (or similar numbers, or
> course). This is way too much entropy usage. Please consider being a
> little less wasteful on resources.
This is now Upstream Bug #448775,
https://savannah.gnu.org/support/index.php?106112.
For Debian purposes, I think that this behavior of GnuTLS can lead to
DoS in other parts of the system, which might warrant this to be an
important or even RC bug. I'll leave that to maintainer's discretion.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Pkg-gnutls-maint
mailing list