[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnutls-dev] Re: Feature request: not really random session keys
From: |
Florian Weimer |
Subject: |
[gnutls-dev] Re: Feature request: not really random session keys |
Date: |
Mon, 30 Jan 2006 17:11:30 +0100 |
* Simon Josefsson:
> Florian Weimer <address@hidden> writes:
>
>> I tracked this down to the generation of the RSA_EXPORT key. In this
>> case, bits from /dev/random are used, even though the generated key is
>> horribly insecure anyway.
>>
>> Wouldn't it make sense to use only STRONG_RANDOM in this case, and not
>> VERY_STRONG_RANDOM?
>
> Perhaps. But doesn't this happen for non-RSA_EXPORT keys too? We
> wouldn't want to make that change there.
I think you'd need to pass an additional flag, yes. It's certainly
not a two-line change, and I can understand if you don't want to make
it for such a silly feature.
> It seems better to fix Exim here.
Even if we follow the advice in your other message, a busy mail server
will deplete the pool at an alarming rate (each TLS-enabled SMTP
connection consumes 600 bytes from the kernel pool -- which can only
store 4096 bits). This means that gathering the required true
randomness may take a long time. We'll see if it's still acceptable,
or if the randomness is distributed so unfairly that it won't work.
- Re: [gnutls-dev] Feature request: not really random session keys, (continued)
- Re: [gnutls-dev] Feature request: not really random session keys, Nikos Mavrogiannopoulos, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Andreas Metzler, 2006/01/30
- [gnutls-dev] Re: Feature request: not really random session keys, Simon Josefsson, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/30
- Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30
- [gnutls-dev] Re: Feature request: not really random session keys, Simon Josefsson, 2006/01/30
- Re: [gnutls-dev] Re: Feature request: not really random session keys, Werner Koch, 2006/01/31
- Re: [gnutls-dev] Feature request: not really random session keys, Werner Koch, 2006/01/31
Re: [gnutls-dev] Feature request: not really random session keys, Florian Weimer, 2006/01/30