[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is #285371 really an exim problem, or is it gnutls failing?

On Sun, Dec 19, 2004 at 04:52:24PM +0100, Marc Haber wrote:
> Wouldn't it probably be a better idea to have gnutls read entropy from
> /dev/urandom instead? I don't think it is a good idea to have
> functions blocking for extended periods of time.

> May I ask for your opinion?

The security of the session is limited by the randomness of the
weakest key used. If you're going to use /dev/urandom then you might
as well just not encrypt the session at all. It wouldn't be massively
less secure, and it would be quite a lot faster.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

Reply to: