RE: [exim] TLS / Entropy

Pàgina inicial
Delete this message
Reply to this message
Autor: Timothy M. Spear
Data:  
A: 'Heiko Schlittermann', exim-users
CC: Timothy Spear
Assumpte: RE: [exim] TLS / Entropy
Hello,
    Based on the fact that the random number generator uses hardware
interrupts, I hade started the design work on a stupid shell script which
wrote a "random" number of blocks to a dedicated disk based upon a hash
value of and the current time, and the last value in /dev/urandom. I was
even trying to integrate the network response time of ping to a random
server when I figured I had gone overboard (the list of random servers came
from the list of domains which had sent us email (including rejected spam).
By having constant disk activity, I would always have IRQs working to
generate more random data. Although it was an interesting intellectual
exercise, I figured the end result would be a waste of CPU and a disk and
ended with a simple sym link to /dev/urandom.
    For mostly internal network links a sym link to /dev/urandom is
probably you best bet. If someone within the company has time and resources
to break that security and predictability of /dev/urandom you probably have
larger problems. :-) 

    
Tim


-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org] On
Behalf Of Heiko Schlittermann
Sent: Thursday, December 15, 2005 9:23 AM
To: exim-users@???
Subject: Re: [exim] TLS / Entropy

Hello,

yes, I experienced such symptomps as well (mainly with IMAPS/POPS
sessions on the Cyrus server, not with exim).

I'm not sure if exim explicitly asks for the random device or if it's
more part of the SSL libraries. On my systems I changed /dev/random
into a symlink pointing to /dev/urandom and I'm happy with this
*practical* but probably less secure solution.


    Best regards from Dresden
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -