Mailing List Archive: GnuPG: gcrypt

How experimental is --enable-random-daemon?

 

 



ametzler at downhill

Mar 10, 2008, 11:24 AM

Post #1 of 2 (1104 views)
How experimental is --enable-random-daemon?

Hello,

since using a random seed file for exim does not work reliably with
the (perhaps broken) patch
<http://news.gmane.org/find-root.php?message_id=%3c20080308084818.GC3091%5f%5f12928.1525886201%241204966999%24gmane%24org%40downhill.g.la%3e>
I am considering the other easy way, using --enable-random-daemon.

However I am unsure on whether --enable-random-daemon will eat small
children or whether it simply is not built by default but should work
alright. Would you outright recommend against using it in production
environments?

Other stuff I have been wondering about:

- A pid file would be nice.
- Why isn't the daemon used by default if specified at compile time?
Needing to patch every gcrypt using application (or at least
libgnutls) to get best benefits seems to be suboptimal.
gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel


wk at gnupg

Mar 11, 2008, 9:01 AM

Post #2 of 2 (1035 views)
Re: How experimental is --enable-random-daemon? [In reply to]

On Mon, 10 Mar 2008 19:24, ametzler [at] downhill said:

> alright. Would you outright recommend against using it in production
> environments?

I wrote it once but did not give it proper testing. In case it helps
with exim it should be better than nothing.

> - A pid file would be nice.

Noted.

> - Why isn't the daemon used by default if specified at compile time?
> Needing to patch every gcrypt using application (or at least
> libgnutls) to get best benefits seems to be suboptimal.
> gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)

It is not matured enough and it gives a new option to snoop on the
random numbers, namely the socket used for the connection. I would not
use it for key generation or other critical applications. For Exim use
it should be fine and you should enable this only within Exim.

However, I would prefer to see why the patch crashes Exim. I have not
yet looked at it, though.


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.

