On Fri, Jan 6, 2017 at 12:05 PM, Max <[hidden email]> wrote:
> Could you help me to clarify the meaning of gnutls_rnd_level_t? There's
> brief description available over at
> https://www.gnu.org/software/gnutls/reference/gnutls-crypto.html#gnutls-rnd-level-t > but as it's a sensitive topic (misunderstanding might have detrimental
> consequences for security) I'd rather double-check that my understanding is
> GNUTLS_RND_KEY is the "best quality random" from cryptography point of view
> while GNUTLS_RND_NONCE is worst.
Yes. In practice GNUTLS_RND_KEY is a generator based on Yarrow, while
GNUTLS_RND_NONCE is a fast stream cipher (salsa20 if I remember well).
> Am I correct in this? Are there any downsides to always using GNUTLS_RND_KEY
> aside from the risk of depleting OS entropy pool (which
> would be reported by gnutls_rnd() anyway)?
None of them deplete the Linux entropy pool. The nonce generator is
much faster than the key one.