[Pkg-gnutls-maint] Bug#475168: certtool --generate-dh-params is ridiculously wasteful of entropy
Andreas Metzler
ametzler at downhill.at.eu.org
Wed Apr 9 17:43:10 UTC 2008
On 2008-04-09 sacrificial-spam-address at horizon.com wrote:
> Package: gnutls-bin
> Version: 2.2.2-1
> "/usr/bin/certtool --generate-dh-params --bits 384" performs 25
> 120-byte reads (3000 bytes, or 24 kbits total) from /dev/urandom,
> even though its output is only 384 bits, and doesn't even need to
> be cryptographically secure in the first place.
> I have gotten lost trying to figure out where the waste is actually
> occurring, so the problem may be in libgcrypt11-1.4.0
Which version of libgcrypt11 do you have installed? There has been a
change in the latest upload in January:

libgcrypt11 (1.4.0-3) unstable; urgency=low

  * Added debian/patches/13_fixexcessiverandom.diff: Patch by upstream fixing
    reducing /dev/*random usage for initialising the RNG to less than 1/100.
    This bug was introduced in 1.3.1.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
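
One way to reproduce the read tally quoted in the report from an `strace` log, as an added example that is not part of the original thread. The trace lines are constructed to match the figures in the report, and `tally_random_reads` and `overdraw_factor` are illustrative names.

```python
import re

# strace line shapes handled (an optional leading pid column is allowed).
OPEN_RE = re.compile(r'^(?:\d+\s+)?open(?:at)?\([^"]*"(?P<path>[^"]*)".*\)\s+=\s+(?P<fd>\d+)')
READ_RE = re.compile(r'^(?:\d+\s+)?read\((?P<fd>\d+),.*\)\s+=\s+(?P<n>\d+)')
CLOSE_RE = re.compile(r'^(?:\d+\s+)?close\((?P<fd>\d+)\)\s+=\s+0')
RANDOM_DEVICES = {"/dev/urandom", "/dev/random"}

def tally_random_reads(strace_lines):
    """Return {device: (read_count, total_bytes)} for the kernel RNG devices."""
    fd_to_dev, totals = {}, {}
    for line in strace_lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            fd = int(m.group("fd"))
            if m.group("path") in RANDOM_DEVICES:
                fd_to_dev[fd] = m.group("path")
            else:
                fd_to_dev.pop(fd, None)  # fd number reused for another file
            continue
        m = READ_RE.match(line)
        if m and int(m.group("fd")) in fd_to_dev:
            dev = fd_to_dev[int(m.group("fd"))]
            count, nbytes = totals.get(dev, (0, 0))
            totals[dev] = (count + 1, nbytes + int(m.group("n")))
        m = CLOSE_RE.match(line)
        if m:
            fd_to_dev.pop(int(m.group("fd")), None)
    return totals

def overdraw_factor(totals, output_bits):
    """Bits drawn from the RNG devices divided by the size of the output."""
    return 8 * sum(nbytes for _, nbytes in totals.values()) / output_bits

# Constructed strace-style trace (not captured from certtool), shaped like the
# report: 25 reads of 120 bytes from /dev/urandom, plus unrelated file I/O.
SAMPLE = (
    ['open("/etc/ld.so.cache", O_RDONLY) = 3',
     'read(3, "..."..., 832) = 832',
     'close(3) = 0',
     'open("/dev/urandom", O_RDONLY) = 3']
    + ['read(3, "..."..., 120) = 120'] * 25
    + ['close(3) = 0']
)

if __name__ == "__main__":
    totals = tally_random_reads(SAMPLE)
    print(totals, overdraw_factor(totals, 384))
```

Running the same function over traces taken before and after a libgcrypt upgrade gives a direct comparison of how much the RNG device usage changed.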