[Pkg-gnutls-maint] Bug#475168: certtool --generate-dh-params is ridiculously wasteful of entropy

sacrificial-spam-address at horizon.com sacrificial-spam-address at horizon.com
Thu Apr 10 04:56:03 UTC 2008 

> Which version of libgcrypt11 do you have installed?

linux-gate.so.1 =>  (0xa7f89000)
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x41ca2000)
libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x4fab9000)
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x4fb45000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x4fab3000)
libreadline.so.5 => /lib/libreadline.so.5 (0x4ffec000)
libc.so.6 => /lib/i686/cmov/libc.so.6 (0x4eecb000)
libz.so.1 => /usr/lib/libz.so.1 (0x4143f000)
libncurses.so.5 => /lib/libncurses.so.5 (0x4fd17000)
/lib/ld-linux.so.2 (0x4eead000)
libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0x4f01b000)

Package versions:
+++-==============-==============-============================================
ii  gnutls-bin     2.2.2-1        the GNU TLS library - commandline utilities
ii  libc6          2.7-10         GNU C Library: Shared libraries
ii  libc6-i686     2.7-10         GNU C Library: Shared libraries [i686 optimi
ii  libgcrypt11    1.4.0-3        LGPL Crypto library - runtime library
ii  libgnutls26    2.2.2-1        the GNU TLS library - runtime library
ii  libgpg-error0  1.4-2          library for common error values and messages
ii  libncurses5    5.6+20080308-1 Shared libraries for terminal handling
ii  libreadline5   5.2-3          GNU readline and history libraries, run-time
ii  libtasn1-3     1.3-1          Manage ASN.1 structures (runtime)
ii  zlib1g         1:1.2.3.3.dfsg-12 compression library - runtime

$ strace -eread -s12 certtool --generate-dh-params --bits 384

read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "\177ELF\1\1\1\0"..., 512)      = 512
read(3, "J\356W\355\245"..., 120)       = 120	(1)
read(3, "gW\221\310W\30"..., 120)       = 120	(2)
read(3, "\22<\307\247J\7"..., 120)      = 120	(3)
read(3, "\327a\274\372\310"..., 120)    = 120	(4)
read(3, "\f\260\1\353\375"..., 120)     = 120	(5)
read(3, "\340\365%LQ\234"..., 120)      = 120	(6)
read(3, "\350r\264\301,"..., 120)       = 120	(7)
read(3, "J\310u^~\375\346"..., 120)     = 120	(8)
read(3, ",\223\200\356\27"..., 120)     = 120	(9)
read(3, "C\264\215\340\365"..., 120)    = 120	(10)
read(3, "\211\257=\16\206"..., 120)     = 120	(11)
read(3, "\312\274\\\307"..., 120)       = 120	(12)
read(3, "\347<\227\327\243"..., 120)    = 120	(13)
read(3, "#\265\2056\375"..., 120)       = 120	(14)
read(3, "\315\311|\235S"..., 120)       = 120	(15)
read(3, "-\3565Ap\1\5\211"..., 120)     = 120	(16)
read(3, "\373\2345\0269"..., 120)       = 120	(17)
read(3, "\256\361\347__"..., 120)       = 120	(18)
read(3, "\261\321a\t\221"..., 120)      = 120	(19)
read(3, "\325<\326|\217"..., 120)       = 120	(20)
read(3, "\367\312\275 P"..., 120)       = 120	(21)
read(3, "q\226)\355\263"..., 120)       = 120	(22)
read(3, "#\341kIm \376%"..., 120)       = 120	(23)
read(3, "\305\336+\262M"..., 120)       = 120	(24)
read(3, "\363n\6\16R\305"..., 120)      = 120	(25 x 120 =  3000 bytes!)
Generating DH parameters...
Generator: 07

Prime: 97:5e:dd:92:21:7c:22:b6:7e:1f:5f:69
	39:0e:a9:03:91:67:8f:44:4a:c9:c9:cd
	4e:70:3e:f9:7a:20:70:13:19:bb:18:19
	e9:f1:69:b1:2b:a9:35:16:93:c6:c1:1f


-----BEGIN DH PARAMETERS-----
MDYCMQCXXt2SIXwitn4fX2k5DqkDkWePRErJyc1OcD75eiBwExm7GBnp8WmxK6k1
FpPGwR8CAQc=
-----END DH PARAMETERS-----

More information about the Pkg-gnutls-maint mailing list