pidgin-otr should interrupt key creation attempt when /dev/random delivers not enough data
Bug #240640 reported by
Caspar Clemens Mierau
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pidgin-otr (Debian) |
Fix Released
|
Unknown
|
|||
pidgin-otr (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: pidgin-otr
When creating a new otr key - either by calling the "Generate" button manually or an automatic attempt, pidgin gets frozen until this process is completed. The duration of this process heavily depends on the speed of /dev/random. Under some circumstances /dev/random does not deliver enough data. E.g. when using "synergy" as a mouse/keyboard sharing tool over tcp. It would be really helpfull when pidgin-otr would ask after a period of 30 or 60 seconds if it should proceed waiting for random data.
The most sophisticated way of course'd be asking the user if he wants to switch to /dev/urandon or just grab the movement of the mouse cursor directly.
Related branches
Changed in pidgin-otr: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Using /dev/random at all for such key generation seems totally inappropriate. Don't bother the user he doesn't care or at least he shouldn't. It breaks every other programm, which really needs highest quality entropy. To understand how severe this issue is, see: http:// bugs.debian. org/cgi- bin/bugreport. cgi?bug= 489523
What disturbed me most: This makes enabling a crypto-partition with a key from /dev/random hang. I had this problem when enabling swap. The proper fix was to use /dev/urandom for swap, since /dev/random offers no security advantage. In this particular case.
Is anyone who already knows the code willing to fix this? - Just changing /dev/random into /dev/urandom should be rather easy for anyone.