Werner Koch <[EMAIL PROTECTED]> writes: > On Fri, 4 Jan 2008 13:35, [EMAIL PROTECTED] said: > >> I think the daemon is there to help libgcrypt maintain randomness state >> between invocations of applications that use randomness from libgcrypt. > > Right. And it is still flagged as experimental because it lacks any > fair distribution of random to requesting clients.
You mean the problem where one client requests a lot of randomness, which would hurt the randomness received by other clients? Maybe we could simply punt on that problem. The /dev/*random devices have the same problem, doesn't it? What practical problem would there be in documentation that states 'Make sure you don't run clients that requests too much entropy from the daemon'? Another solution, how about to refuse to give out entropy to processes not listed in a world-readable but root-writable file /etc/libgcryptd.conf file? /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
