[Pkg-gnutls-maint] Bug#489523: pidgin-otr: key generation uses too much entropy from /dev/random
Ian Goldberg
ian at cypherpunks.ca
Wed Jul 9 14:54:00 UTC 2008
On Wed, Jul 09, 2008 at 03:15:45PM +0200, Thibaut VARENE wrote:
> reassign 489523 libgcrypt
> tags 489523 - moreinfo help
> thanks
>
> On Wed, Jul 9, 2008 at 2:57 PM, Ian Goldberg <ian at cypherpunks.ca> wrote:
>
> > I know. It's annoying. libgcrypt has no way I can see to specify the
> > source of randomness for key generation (unlike every other use of
> > random numbers). It always uses /dev/random.
>
> Thanks, that's all I wanted to know. I'll reassign this bug to libgcrypt then.
OK.
> > That being said, I just committed a patch to libotr to allow key
> > generation to be done in a background thread, but that doesn't really
> > solve the problem.
>
> Indeed, but that's still a worthy workaround. I'll get it into the package ASAP.
Be careful of packaging anything from the current CVS; the API is in the
process of undergoing major changes (to 4.0.0), and until that work is
finished, I wouldn't recommend releasing anything. Otherwise, you're
going to have major issues with versioning where two libraries that
claim to be libotr 4.0.0 will have incompatible APIs.
- Ian
More information about the Pkg-gnutls-maint
mailing list