Quantcast

[gnutls-devel] gnutls_rnd_level_t clarification

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[gnutls-devel] gnutls_rnd_level_t clarification

Max-2
Hi.

Could you help me to clarify the meaning of gnutls_rnd_level_t? There's
brief description available over at
https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-rnd-level-t 
but as it's a sensitive topic (misunderstanding might have detrimental
consequences for security) I'd rather double-check that my understanding
is correct.

GNUTLS_RND_KEY is the "best quality random" from cryptography point of view while GNUTLS_RND_NONCE is worst.

Am I correct in this? Are there any downsides to always using GNUTLS_RND_KEY aside from the risk of depleting OS entropy pool (which
would be reported by gnutls_rnd() anyway)?

--
Max Suraev <[hidden email]> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] gnutls_rnd_level_t clarification

Nikos Mavrogiannopoulos
On Fri, Jan 6, 2017 at 12:05 PM, Max <[hidden email]> wrote:
> Hi.
> Could you help me to clarify the meaning of gnutls_rnd_level_t? There's
> brief description available over at
> https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-rnd-level-t
> but as it's a sensitive topic (misunderstanding might have detrimental
> consequences for security) I'd rather double-check that my understanding is
> correct.
> GNUTLS_RND_KEY is the "best quality random" from cryptography point of view
> while GNUTLS_RND_NONCE is worst.

Yes. In practice GNUTLS_RND_KEY is a generator based on Yarrow, while
GNUTLS_RND_NONCE is a fast stream cipher (salsa20 if I remember well).

> Am I correct in this? Are there any downsides to always using GNUTLS_RND_KEY
> aside from the risk of depleting OS entropy pool (which
> would be reported by gnutls_rnd() anyway)?

None of them deplete the Linux entropy pool. The nonce generator is
much faster than the key one.

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Loading...