[Pkg-gnutls-maint] Bug#448825: libgcrypt11: uses way too much entropy
Marc Haber
mh+debian-bugs at zugschlus.de
Thu Nov 1 09:27:45 UTC 2007
Package: libgcrypt11
Version: 1.2.4-2
Severity: wishlist
Hi,
When exim4 (which uses GnuTLS) receives a TLS-encrypted connection,
initialization of this connection takes over 3000 bytes of entropy from
the kernel's entropy pool.
That's way too much.
Please consider implementing an SHA-1'ed counter or something similar.
I have been told that Sun's JCE is an example of this design.
For more reference, please see the gnutls-related exim4 bugs,
especially #343085.
Greetings
Marc
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.23.1-zgsrv (SMP w/1 CPU core; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgcrypt11 depends on:
ii libc6 2.6.1-5 GNU C Library: Shared libraries
ii libgpg-error0 1.4-2 library for common error values an
libgcrypt11 recommends no packages.
-- no debconf information
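
The design requested in the report above, sketched as an added example (not part of the original report and not libgcrypt or GnuTLS code): read a short seed from the kernel once, then expand it with a hashed counter so later handshakes do not read the pool again. The class and function names, the 32-byte seed length and the round figure of 3000 bytes per handshake are assumptions made for illustration.

```python
import hashlib
import os
import struct


class HashCounterGenerator:
    """Seed once from the kernel, then expand with H(seed || counter).

    Illustration only: no reseeding and no backtracking resistance, which
    a vetted DRBG would provide.
    """

    def __init__(self, seed_len=32, hash_name="sha1", entropy_source=os.urandom):
        self._hash_name = hash_name
        self._seed = entropy_source(seed_len)  # the only kernel read
        self.kernel_bytes_drawn = seed_len
        self._counter = 0
        self._buffer = b""

    def _next_block(self):
        h = hashlib.new(self._hash_name)
        h.update(self._seed)
        h.update(struct.pack(">Q", self._counter))  # 64-bit big-endian counter
        self._counter += 1
        return h.digest()

    def read(self, n):
        """Return n pseudorandom bytes without touching the kernel pool."""
        while len(self._buffer) < n:
            self._buffer += self._next_block()
        out, self._buffer = self._buffer[:n], self._buffer[n:]
        return out


def handshake_cost(connections, bytes_per_handshake=3000):
    """Kernel bytes consumed: direct pool reads vs. one seeded generator."""
    gen = HashCounterGenerator()
    for _ in range(connections):
        # Each simulated handshake asks the generator, not the kernel.
        if len(gen.read(bytes_per_handshake)) != bytes_per_handshake:
            raise RuntimeError("short read from generator")
    direct = connections * bytes_per_handshake
    return direct, gen.kernel_bytes_drawn


if __name__ == "__main__":
    direct, seeded = handshake_cost(connections=100)
    print(f"direct pool reads: {direct} bytes, seeded generator: {seeded} bytes")
```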