Package: gnutls-bin
Version: 2.2.2-1

"/usr/bin/certtool --generate-dh-params --bits 384" performs 25 120-byte reads (3000 bytes, or 24 kbits total) from /dev/urandom, even though its output is only 384 bits, and doesn't even need to be cryptographically secure in the first place.

I have gotten lost trying to figure out where the waste is actually occurring, so the problem may be in libgcrypt11-1.4.0, but in general the number of bits of seed entropy required is equal to the security parameter of the key being generated. E.g. 80 for a 1024-bit public key, and 128 for a 3072-bit public key. Applying a small fudge factor (like 2x) to that minimum is reasonable, but this is ridiculous.

Basically NOTHING, including generating long-lived public keys, should require reading more than 256 bits (32 bytes) from /dev/{u,}random. (There are about 10^80 = 2^266 protons, and about 2e9 times as many (2^297) photons, in the visible universe. Those are the smallest needles and largest haystacks that we can sensibly talk about.)

I can understand being lazy and just reading n bits to generate an n-bit public key rather than implementing your own cryptographic PRNG, but that doesn't apply in this case. In addition to being wasteful, reading more than that indicates that the author of the code in question doesn't know much about cryptography.
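
One way to reproduce the measurement in the report above, as an added example that is not part of the original bug report: a small parser that totals the bytes a traced process read from /dev/random or /dev/urandom. The function names are hypothetical and the strace lines in `SAMPLE` are constructed to match the figures quoted in the report (25 reads of 120 bytes); it assumes a single-process trace without `-f` pid prefixes.

```python
import re

# Capture a trace first (assumed invocation, command line taken from the report):
#   strace -o trace.txt -e trace=open,openat,read,close \
#       certtool --generate-dh-params --bits 384
OPEN_RE = re.compile(
    r'^(?:open|openat)\((?:AT_FDCWD, )?"(/dev/u?random)",.*\)\s+=\s+(\d+)$')
READ_RE = re.compile(r'^read\((\d+),.*\)\s+=\s+(-?\d+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s+=\s+0')


def rng_reads(strace_lines):
    """Return {device: [bytes returned by each read]} for kernel RNG devices."""
    fd_to_dev = {}   # fds currently open on an RNG device
    reads = {}
    for line in strace_lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            fd_to_dev[int(m.group(2))] = m.group(1)
            continue
        m = READ_RE.match(line)
        if m:
            fd, got = int(m.group(1)), int(m.group(2))
            if fd in fd_to_dev and got > 0:   # skip failed or empty reads
                reads.setdefault(fd_to_dev[fd], []).append(got)
            continue
        m = CLOSE_RE.match(line)
        if m:
            # fd numbers are reused after close, so stop tracking this one
            fd_to_dev.pop(int(m.group(1)), None)
    return reads


def summarize(reads, device="/dev/urandom"):
    """Return (number of reads, total bytes, total bits) for one device."""
    sizes = reads.get(device, [])
    return len(sizes), sum(sizes), sum(sizes) * 8


# Constructed sample trace; buffer contents are elided as "...".
SAMPLE = (
    ['open("/etc/ld.so.cache", O_RDONLY) = 3',
     'read(3, "..."..., 512) = 512', 'close(3) = 0',
     'open("/dev/urandom", O_RDONLY) = 3']
    + ['read(3, "..."..., 120) = 120'] * 25
    + ['close(3) = 0', 'open("/tmp/x", O_RDONLY) = 3',
       'read(3, "..."..., 64) = 64']
)

if __name__ == "__main__":
    count, nbytes, nbits = summarize(rng_reads(SAMPLE))
    print(f"{count} reads, {nbytes} bytes, {nbits} bits from /dev/urandom")
```

Reads on the same descriptor number before the device is opened or after it is closed are not counted, which matters because descriptor 3 is reused throughout a typical trace.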