Received: (at submit) by bugs.debian.org; 6 Mar 2001 11:06:29 +0000
From robbe@orcus.priv.at Tue Mar 06 05:06:29 2001
Return-path:
Received: from 212186010174.11.tuwien.teleweb.at (orcus.priv.at) [::ffff:212.186.10.174]
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 14aFIS-000561-00; Tue, 06 Mar 2001 05:06:29 -0600
Received: by orcus.priv.at (Postfix, from userid 1000)
	id E49E0EF24; Tue, 6 Mar 2001 12:06:26 +0100 (CET)
From: Robert Bihlmeyer
Subject: openssl: usage of /dev/random should be possible
To: submit@bugs.debian.org
X-Mailer: bug 3.3.9
Message-Id: <20010306110626.E49E0EF24@orcus.priv.at>
Date: Tue, 6 Mar 2001 12:06:26 +0100 (CET)
Delivered-To: submit@bugs.debian.org

Package: openssl
Version: 0.9.6-1
Severity: normal

For libssl, /dev/urandom is probably the right default, as it can be
used in circumstances with a time-security-tradeoff (e.g. webserver).

OTOH, "openssl" has no time constraints, and needs maximum security -
think: creation of a new CA key. Usage of /dev/random should be an
option or even the default for Linux[1].

Unfortunately, it's not possible to just set RANDFILE to "/dev/random"
(via environment or config file), because openssl then wants to read
the *whole* file ... a Sisyphus task.

[1] hurd-i386 does not provide /dev/*random, yet.

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux hoss 2.4.1ea-hoss #1 Mon Feb 19 11:53:50 CET 2001 i686 unknown

Versions of the packages openssl depends on:
ii  libc6          2.2.2-1        GNU C Library: Shared libraries and Timezone
ii  libssl096      0.9.6-1        SSL shared libraries
ii  perl           5.6.0-20       Larry Wall's Practical Extracting and Report
	^^^ (Provides virtual package perl5)
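
Added example (not part of the original report and not OpenSSL's code): a sketch of the bounded read the report asks for, where a character device such as /dev/random is read for a fixed number of bytes instead of until end of file. The helper name read_seed and the 32-byte request are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not an OpenSSL function: read seed material from
 * `path` into buf. A random device never signals end of file, so the
 * read stops after `want` bytes; a regular seed file is read until EOF
 * or `want` bytes, whichever comes first.
 * Returns the number of bytes read, or -1 on error. */
long read_seed(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !(S_ISCHR(st.st_mode) || S_ISREG(st.st_mode))) {
        close(fd);
        return -1;              /* refuse directories and other file types */
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) {
            got += (size_t)n;   /* short reads are normal on devices */
        } else if (n == 0) {
            break;              /* end of a seed file, or an empty device */
        } else if (errno != EINTR) {
            close(fd);
            return -1;
        }
    }
    close(fd);
    /* A device that delivered fewer bytes than requested is an error. */
    if (S_ISCHR(st.st_mode) && got < want)
        return -1;
    return (long)got;
}

int main(void)
{
    unsigned char seed[32];
    /* /dev/urandom is used here so the demo never blocks. */
    long n = read_seed("/dev/urandom", seed, sizeof seed);
    printf("read %ld seed bytes\n", n);
    return n == (long)sizeof seed ? 0 : 1;
}
```

Passing "/dev/random" instead behaves the same way but may block until the kernel has gathered enough entropy.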