SSL/TLS passive sniffing
John Denker
jsd at av8n.com
Wed Dec 22 11:49:18 EST 2004
Florian Weimer wrote:
> Would you recommend to switch to /dev/urandom (which doesn't block if
> the entropy estimate for the in-kernel pool reaches 0), and stick to
> generating new DH parameters for each connection,
No, I wouldn't.
> or ...
> generate them once per day and use it for several connections?
I wouldn't do that, either.
If the problem is a shortage of random bits, get more random bits!
Almost every computer sold on the mass market these days has a sound
system built in. That can be used to generate industrial-strength
randomness at rates more than sufficient for the applications we're
talking about. (And if you can afford to buy a non-mass-market
machine, you can afford to plug a sound-card into it.)
For a discussion of the principles of how to get arbitrarily close
to 100% entropy density, plus working code, see:
http://www.av8n.com/turbid/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list