wk at gnupg
Mar 11, 2008, 9:01 AM
Post #2 of 2
On Mon, 10 Mar 2008 19:24, ametzler [at] downhill said:
Re: How experimental is --enable-random-daemon?
[In reply to]
> alright. Would you outright recommed against using it in production
I wrote it once but did not gave it proper testing. In case it helps
with exim it should be better than nothing.
> - A pid file would be nice.
> - Why isn't the daemon used by default if specified at compile time?
> Needing to patch every gcrypt using application (or at least
> libgnutls) to get best benefits seems to be suboptimal.
> gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)
It is not matured enough and it gives a new option to snoop on the
random numbers, namely the socket used for the connection. I would not
use it for key generation or other critical appications. For Exim use
it should be fine and you should enable this only within Exim.
However, I would prefer to see why the patch crashes Exim. I have not
yet looked at it, though.
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg