Matthias Urlichs <[EMAIL PROTECTED]> writes:

> Hi,
>
> Nikos Mavrogiannopoulos:
>> I don't understand these comments. The libgcrypt's generator can be
>> used in a separate processes. It doesn't mean it gathers any entropy
>> except for using /dev/urandom as usual.
>>
> Ah, thanks for the correction.
>
> In that case, if it's "as usual", why run the daemon in the first place?

I think the daemon is there to help libgcrypt maintain randomness state between invocations of applications that use randomness from libgcrypt. Libgcrypt talks with it. But I haven't used the feature either (it is experimental) so I don't know for sure. Cc'ing libgcrypt-devel for corrections.

> To clarify: I don't have an issue with gnutls eating randomness from the
> pool. The randomness is there to be eaten.
>
> However, reading 3000+ bits every time a server (or client) starts up
> does seem a bit excessive. I seriously doubt that it needs that many.

The 3000+ bits part doesn't seem excessive to me, but I think the problem is that it is required each time a server or client starts up. Saving a random seeds file would help with this. Or using the libgcrypt daemon, if it works as I think it does.

/Simon

