Mailing List Archive

How experimental is --enable-random-daemon?
Hello,

since using a random seed file for exim does not work reliably with
the (perhaps broken) patch
<http://news.gmane.org/find-root.php?message_id=%3c20080308084818.GC3091%5f%5f12928.1525886201%241204966999%24gmane%24org%40downhill.g.la%3e>
I am considering the other easy way, using --enable-random-daemon.

However I am unsure on whether --enable-random-daemon will eat small
children or whether it simply is not built by default but should work
alright. Would you outright recommend against using it in production
environments?

Other stuff I have been wondering about:

- A pid file would be nice.
- Why isn't the daemon used by default if specified at compile time?
Needing to patch every gcrypt using application (or at least
libgnutls) to get best benefits seems to be suboptimal.
gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: How experimental is --enable-random-daemon?
On Mon, 10 Mar 2008 19:24, ametzler@downhill.at.eu.org said:

> alright. Would you outright recommend against using it in production
> environments?

I wrote it once but did not give it proper testing. In case it helps
with exim it should be better than nothing.

> - A pid file would be nice.

Noted.

> - Why isn't the daemon used by default if specified at compile time?
> Needing to patch every gcrypt using application (or at least
> libgnutls) to get best benefits seems to be suboptimal.
> gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1)

It is not matured enough and it gives a new option to snoop on the
random numbers, namely the socket used for the connection. I would not
use it for key generation or other critical applications. For Exim use
it should be fine and you should enable this only within Exim.

However, I would prefer to see why the patch crashes Exim. I have not
yet looked at it, though.


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.


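The reply above names the daemon's socket as a new place to snoop on the random numbers. The following C code is an added example, not part of the thread and not libgcrypt code: a pre-flight check an application could run on that socket before calling gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1). The names check_rng_socket and make_demo_socket and the /tmp path are hypothetical, constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum verdict { SOCK_OK, SOCK_MISSING, SOCK_NOT_SOCKET, SOCK_BAD_OWNER, SOCK_DIR_WRITABLE };

/* Hypothetical pre-flight check (not a libgcrypt API): trust the socket only
   if it is a real socket owned by trusted_uid and its directory is owned by
   that uid and not group/world-writable, so no other local user can swap in
   a listener of their own. Only the immediate parent directory is checked. */
enum verdict check_rng_socket(const char *path, uid_t trusted_uid)
{
    struct stat st;
    char buf[PATH_MAX];
    if (lstat(path, &st) != 0) return SOCK_MISSING;   /* lstat: symlinks are not followed */
    if (!S_ISSOCK(st.st_mode)) return SOCK_NOT_SOCKET;
    if (st.st_uid != trusted_uid) return SOCK_BAD_OWNER;
    if (snprintf(buf, sizeof buf, "%s", path) >= (int)sizeof buf) return SOCK_MISSING;
    if (stat(dirname(buf), &st) != 0) return SOCK_MISSING;
    if (st.st_uid != trusted_uid) return SOCK_BAD_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return SOCK_DIR_WRITABLE;
    return SOCK_OK;
}

/* Constructed fixture: bind a Unix socket in a fresh 0700 temp directory. */
int make_demo_socket(char *out, size_t n)
{
    char dir[] = "/tmp/rngsock.XXXXXX";
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || !mkdtemp(dir)) return -1;
    snprintf(out, n, "%s/S.demo", dir);
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s", out);
    return bind(fd, (struct sockaddr *)&sa, sizeof sa);
}

int main(void)
{
    char path[PATH_MAX];
    if (make_demo_socket(path, sizeof path) != 0) return 1;
    printf("%s -> verdict %d\n", path, check_rng_socket(path, getuid()));
    return 0;
}
```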