* Nikos Mavrogiannopoulos:

> 2. Generate the parameters in a non-blocking way using /dev/urandom.
> (sol2.patch)

Huh? At least at one point in the past, GNUTLS used /dev/urandom for DH parameters. Has this changed?

> I believe the third solution is the most elegant. Generating these parameters
> on the fly (sol2) even if /dev/urandom is used is time consuming and not
> really appropriate for a server. The idea is to have them pregenerated.

The main problem is that there is no lock on the file while it is generated, and that a lot of work is wasted by parallel computation.

Constant DH parameters have been refused by Debian's security pundits.
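The missing lock described in the message above, as an added example that is not part of the original thread or of any patch mentioned in it: one way to serialize generation with an advisory lock, re-check for the file once the lock is held, and publish the result with an atomic rename. The names `ensure_dh_params`, `dh_gen_fn`, `demo_gen` and the `.lock`/`.tmp` suffixes are assumptions, and the generator is a constructed stand-in rather than a real GnuTLS call.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical callback: writes new DH parameters to fd, 0 on success. */
typedef int (*dh_gen_fn)(int fd);

/* Constructed stand-in for the slow generator; counts its invocations. */
int demo_calls = 0;
int demo_gen(int fd)
{
    static const char body[] = "constructed placeholder, not real DH parameters\n";
    demo_calls++;
    return write(fd, body, sizeof body - 1) == (ssize_t)(sizeof body - 1) ? 0 : -1;
}

/* Returns 1 if this call generated `path`, 0 if it already existed, -1 on error. */
int ensure_dh_params(const char *path, dh_gen_fn gen)
{
    char lock[4096], tmp[4096];
    struct stat st;
    int rc = -1;
    if (snprintf(lock, sizeof lock, "%s.lock", path) >= (int)sizeof lock ||
        snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp)
        return -1;
    int lfd = open(lock, O_CREAT | O_RDWR, 0600);
    if (lfd < 0)
        return -1;
    if (flock(lfd, LOCK_EX) != 0) {   /* peers wait here instead of generating */
        close(lfd);
        return -1;
    }
    /* Re-check under the lock: a peer may have finished while we waited. */
    if (stat(path, &st) == 0 && st.st_size > 0) {
        rc = 0;
    } else {
        int fd = open(tmp, O_CREAT | O_WRONLY | O_TRUNC, 0600);
        if (fd >= 0) {
            int ok = gen(fd) == 0 && fsync(fd) == 0;
            ok = (close(fd) == 0) && ok;
            /* rename() is atomic: readers see no file or a complete one. */
            if (ok && rename(tmp, path) == 0) rc = 1; else unlink(tmp);
        }
    }
    close(lfd);                       /* closing the descriptor drops the lock */
    return rc;
}
```

A process that loses the race blocks in `flock()` and then finds the finished file, so the expensive generation runs once rather than once per process.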