Public bug reported:

Binary package hint: libgcrypt11

libgcrypt reads more bytes from /dev/random than the application has
requested. If a process needs only 16 or 32 random bytes for an
encryption key, the extra bytes read by the library are wasted.
Subsequent reads from /dev/random by other processes will have to wait
until enough randomness is accumulated again. The waiting time will be
especially long when entropy sources are scarce (no network, no hard
disks, lack of keyboard input, etc.).

In my tests using libgcrypt11 version 1.2.4-2ubuntu2 under Ubuntu 7.10
Gutsy, reading 1 random byte with gcry_random_bytes_secure(1,
GCRY_VERY_STRONG_RANDOM) resulted in the read of 300 bytes from
/dev/random and 360 bytes from /dev/urandom, according to strace. It
should have been exactly 1 byte from /dev/random and no reads from
/dev/urandom at all.

If there is a considerable performance hit associated with on-demand
reading from /dev/random, the library API should be extended to provide
a way to disable buffering or to specify in advance how many random
bytes the application will need. Thus applications using the new API
will be able to avoid wasting random bytes. Depending on the real usage
of libgcrypt, it may be worthwhile to change the default behavior so
that fewer random bytes are wasted.

** Affects: libgcrypt11 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
libgcrypt unnecessarily exhausts /dev/random
https://bugs.launchpad.net/bugs/208142
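
The measurement described in the report (bytes actually read from each random device, according to strace) can be repeated with a small parser. This is an added example, not part of the original report or of libgcrypt; it assumes a trace captured with something like `strace -e trace=open,openat,read,close -o trace.txt ./program`, and the sample lines are constructed for illustration, not the reporter's trace.

```python
import re
from collections import defaultdict

# open("/dev/random", O_RDONLY) = 3  or  openat(AT_FDCWD, "/dev/urandom", ...) = 4
OPEN_RE = re.compile(r'\bopen(?:at)?\((?:AT_FDCWD, )?"(/dev/u?random)".*\)\s*=\s*(\d+)')
# read(3, "..."..., 300) = 128  (the return value is what was really consumed)
READ_RE = re.compile(r'\bread\((\d+),.*\)\s*=\s*(-?\d+)')
CLOSE_RE = re.compile(r'\bclose\((\d+)\)\s*=\s*0')


def random_bytes_read(strace_lines):
    """Return {device: bytes consumed} for /dev/random and /dev/urandom."""
    fd_to_dev = {}              # descriptors currently bound to a random device
    totals = defaultdict(int)
    for line in strace_lines:
        m = OPEN_RE.search(line)
        if m:                   # failed opens (= -1 ...) do not match
            fd_to_dev[int(m.group(2))] = m.group(1)
            continue
        m = READ_RE.search(line)
        if m:
            fd, returned = int(m.group(1)), int(m.group(2))
            # Count returned bytes, not the requested size: a blocking
            # /dev/random read may come back short, and errors return -1.
            if fd in fd_to_dev and returned > 0:
                totals[fd_to_dev[fd]] += returned
            continue
        m = CLOSE_RE.search(line)
        if m:                   # the fd number may be reused for another file
            fd_to_dev.pop(int(m.group(1)), None)
    return dict(totals)


# Constructed sample trace (illustrative only).
SAMPLE = r'''
open("/dev/urandom", O_RDONLY) = 3
read(3, "\x8f\x01"..., 120) = 120
read(3, "\x22\x7a"..., 240) = 240
open("/dev/random", O_RDONLY) = 4
read(4, "\x91\xc3"..., 300) = 128
read(4, "\x0e\x5d"..., 172) = 172
close(4) = 0
open("/etc/hostname", O_RDONLY) = 4
read(4, "host\n", 4096) = 5
'''

if __name__ == "__main__":
    for dev, count in random_bytes_read(SAMPLE.splitlines()).items():
        print(f"{dev}: {count} bytes")
```

Comparing these totals with the number of bytes the application requested shows how much the library over-reads.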