On 13/03/16 01:56, Andy Smith wrote:
> Going further, the question becomes, well, what software is there in
> existence that forces use of /dev/random with no configuration that
> would allow otherwise? Because even if we agree that all software
> *should* be using urandom, if some popular software *refuses* to
> without recompile, then we're still going to have to provide an
> Entropy service, because doing so is easier than running
> non-packaged software.
>
> So Entropy service users, what have you got that uses /dev/random?
My information might be very out of date, so perhaps somebody will
correct me, but Exim's TLS support (via gnutls) would read a lot from
/dev/random to set up connections - far more than OpenSSL did.
I think this was the reason I started using the entropy service, but
I've not checked for a long time whether the issue's still valid. A few
Debian bug reports suggest it might be fixed.
The other place I've seen it recently is when generating a new key pair
with GnuPG, though that was in a test suite rather than on my VPS.
--
Dominic Cleal
dominic(a)computerkb.co.uk
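One way to answer Andy's question on your own box, as an added example that is not part of the original thread: walk /proc/<pid>/fd and list every process that currently holds /dev/random open, alongside the kernel's entropy estimate. The PROC root argument is an assumption introduced here so the scan can be pointed at a copy of the tree; on a live system it defaults to /proc.

```shell
#!/bin/sh
# Added example: find processes holding /dev/random open (Linux /proc layout assumed).

# Print "pid comm fd" for every fd under $1 (default /proc) that resolves to
# /dev/random. Exit status 0 when at least one was found, 1 otherwise.
find_dev_random_users() {
    root="${1:-/proc}"
    count=0
    for fd in "$root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue                       # unreadable or no match
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/random) ;;                            # the blocking device
            *) continue ;;                             # urandom, sockets, files...
        esac
        pid=${fd#"$root"/}
        pid=${pid%%/*}
        comm=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
        echo "$pid $comm ${fd##*/}"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# The kernel's current entropy estimate; when /dev/random still blocked,
# a low value here is what made the readers above stall.
entropy_avail() {
    root="${1:-/proc}"
    cat "$root/sys/kernel/random/entropy_avail" 2>/dev/null || echo "n/a"
}

echo "entropy_avail: $(entropy_avail)"
find_dev_random_users || echo "no process currently holds /dev/random open"
```

This only catches daemons that keep the device open. Something like a GnuPG key generation opens, reads and closes it, so for a single command the reliable check is to trace its opens, for example `strace -f -e trace=openat gpg --gen-key`, and look for `/dev/random` in the output. Note also that since Linux 5.6 /dev/random no longer blocks once the pool has been initialised, so the "entropy service" motivation only applies to older kernels.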