[PATCH] Update to the Samba crypto requirements document

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jan 3 11:58:50 UTC 2018


On Wed, Jan 03, 2018 at 12:53:18PM +0100, Andreas Schneider via samba-technical wrote:
> > > We could also use gnutls_rnd() in generate_random_buffer() which would be
> > > much faster than opening /dev/urandom.
> > 
> > Do we depend on gnutls even for the plain simple file server?
> 
> We don't depend on gnutls for Samba FS (yet).

So gnutls_rnd() would have to be #ifdef'ed.

If you look at commit e73ccc06, when I changed to always use
/dev/urandom, I did measure the speed, and it was not bad. How much
better is gnutls_rnd(), and does it handle fork() well? We should not
run into the situation where two smbds have the same random source in
user space.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de



More information about the samba-technical mailing list