Re: gnome-keyring Generating RSA keys from /dev/urandom

On 2010-12-09 10:28, Nikos Mavrogiannopoulos wrote:
> /dev/random is pretty useless for cryptographic (any) applications,
> unless there is an open time limit (i.e. wait 10 minutes until there is
> entropy enough to start a TLS session). Usually user's (like me) don't
> want to do that, thus /dev/urandom comes to play. There are not known
> weaknesses so far as long as there was gathered randomness at some point.
> A description and study of it can be seen at
> There are other (maybe better) alternatives to /dev/random algorithm
> that do not require blocking, but in linux that's all we have.

Interesting. Good to know.

I agree that that using /dev/random is basically completely unusable.
I'll disable the /dev/random usage in libgcrypt and use /dev/urandom

The way to use /dev/urandom in libgcrypt is like so:


The only risk is that libgcrypt gives us very few guarantees about
what it's doing, and whether the behavior of that setting will change in
the future.

But I think this acceptable, and will post some code for PKCS#11 key
generation soon.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]