[OTR-dev] Re: [Pkg-gnutls-maint] Bug#489523: pidgin-otr: key generation uses too much entropy from /dev/random

Ian Goldberg ian at cypherpunks.ca
Thu Jul 10 12:05:01 EDT 2008


On Thu, Jul 10, 2008 at 05:49:27PM +0200, Simon Josefsson wrote:
> Do be careful about using that function though: its exact semantics are 
> not documented as far as I know.  It may result in having a long-term 
> private key based on no or little entropy.

The current library does the "right" thing; i.e. random bytes are
obtained from /dev/urandom.  But if it's undocumented, then it might
change in the future to use the output of rand() or something, which
would be bad indeed.

The problem is that people run key generation with libgcrypt on machines
that gather very little entropy into /dev/random, and key generation can
literally take over an hour.  I'm happy to use /dev/urandom instead,
since the output of a PRNG that only gets, say, 200 bits of entropy,
had better be indistinguishable from a truly random source.

But if libgcrypt decides to make that call use an even weaker source
for some reason, Badness would indeed occur.

What do people think?

   - Ian
