GnuTLS -- certtool

Benny Amorsen benny+usenet at amorsen.dk
Wed Mar 26 09:24:53 UTC 2008


Andrew Bartlett <abartlet at samba.org> writes:

> GnuTLS's egregious use of blocking /dev/random is indeed one of the more
> annoying things about this crypto package...

The alternative is to invent entropy that isn't there, and I don't
particularly like that option.

I wish the kernel would be more aggressive in grabbing entropy, but
there's a lot of fear that e.g. network entropy can be predicted. A
box without a hard drive and keyboard/mouse is pretty much doomed as it
is. Maybe the kernel should generate pseudo-random hard drive seeks
when entropy runs out and disks are otherwise idle.


/Benny





More information about the fedora-devel-list mailing list