libgcrypt unnecessarily exhausts /dev/random
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libgcrypt11 (Ubuntu) | Confirmed | Wishlist | Unassigned | |
Bug Description
Binary package hint: libgcrypt11
libgcrypt reads more bytes from /dev/random than the application has requested. If a process needs only 16 or 32 random bytes for an encryption key, the extra bytes read by the library are wasted. Subsequent reads from /dev/random by other processes will have to wait until enough randomness is accumulated again. The waiting time will be especially long when entropy sources are scarce (no network, no hard disks, lack of keyboard input, etc.).
In my tests using libgcrypt11 version 1.2.4-2ubuntu2 under Ubuntu 7.10 Gutsy, reading 1 random byte with gcry_random_
If there is a considerable performance hit associated with on-demand reading from /dev/random, the library API should be extended to provide a way to disable buffering or to specify in advance how many random bytes the application will need. Thus applications using the new API will be able to avoid wasting random bytes. Depending on the real usage of libgcrypt, it may be worthwhile to change the default behavior so that fewer random bytes are wasted.
Changed in libgcrypt11: importance: Undecided → Wishlist
Changed in libgcrypt11 (Ubuntu): status: New → Confirmed