[Pkg-gnutls-maint] Bug#448825: libgcrypt11: uses way too much entropy

Marc Haber mh+debian-bugs at zugschlus.de
Thu Nov 1 09:27:45 UTC 2007


Package: libgcrypt11
Version: 1.2.4-2
Severity: wishlist

Hi,

When exim4 (which uses GnuTLS) receives a TLS-encrypted connection,
initialization of this connection takes over 3000 bytes of entropy from
the kernel's entropy pool.

That's way too much.

Please consider implementing an SHA-1'ed counter or something similar.
I have been told that Sun's JCE is an example of this design.

For more reference, please see the gnutls-related exim4 bugs,
especially #343085.

Greetings
Marc

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.23.1-zgsrv (SMP w/1 CPU core; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgcrypt11 depends on:
ii  libc6                         2.6.1-5    GNU C Library: Shared libraries
ii  libgpg-error0                 1.4-2      library for common error values an

libgcrypt11 recommends no packages.

-- no debconf information
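
The design requested in the report above, sketched as an added example (not part of the original message, and not libgcrypt or JCE code): a generator that draws from the kernel once and then emits SHA-1(seed || counter) blocks, compared with drawing the report's 3000 bytes per connection directly. The names Sha1Counter and kernel_cost, the 20-byte seed and the 8-byte counter are assumptions made for the illustration.

```python
import hashlib
import os

SEED_BYTES = 20  # assumption: 160-bit seed, the size of one SHA-1 digest


class Sha1Counter:
    """Seed once from the kernel, then emit SHA-1(seed || counter) blocks."""

    def __init__(self, source=os.urandom):
        self.kernel_bytes = SEED_BYTES      # bytes drawn from the kernel so far
        self._seed = source(SEED_BYTES)     # the only read from the kernel pool
        self._counter = 0

    def read(self, n):
        # Anyone who learns the seed can recompute every block, so the seed
        # must stay secret; this sketch never reseeds or updates it.
        out = bytearray()
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hashlib.sha1(self._seed + ctr).digest()
            self._counter += 1              # never reuse a counter value
        return bytes(out[:n])


def kernel_cost(connections, per_connection=3000):
    """Kernel bytes drawn: direct reads vs. one seeded generator."""
    gen = Sha1Counter()
    for _ in range(connections):
        gen.read(per_connection)
    return connections * per_connection, gen.kernel_bytes


if __name__ == "__main__":
    direct, seeded = kernel_cost(100)
    print(f"direct reads: {direct} bytes, seeded generator: {seeded} bytes")
```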




