Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:
And to answer myself, I do not think we need something as complex as Yarrow in gnutls. Older systems may have needed it, but today we can rely on the /dev/urandom and getentropy() interfaces, and as such I no longer think it is necessary to bring that complexity to gnutls.
Makes sense to me too. But do you plan any fallback for other systems? I guess one could require the use of some separate randomness gathering daemon.
What about MacOS and Microsoft Windows, do they have something comparable to /dev/random these days?
Then I'd expect that there are quite a few systems out there where getting adequate randomness isn't easy. Like small embedded systems, and it's also unclear to me how /dev/random works on virtual machines. But just using a mixer like Yarrow or Fortuna isn't enough, since the tricky problem is the sourcing of the mixer.
Regards, /Niels
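The sourcing order discussed above, getentropy() first with /dev/urandom as the fallback, written out as an added C illustration; this is not gnutls code and not from either poster. The function names are my own, and the glibc 2.25 gate is the version in which getentropy() appeared there.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#if defined(__linux__) && defined(__GLIBC__)
#  if __GLIBC_PREREQ(2, 25)          /* getentropy() arrived in glibc 2.25 */
#    include <sys/random.h>
#    define HAVE_GETENTROPY 1
#  endif
#endif
/* Fallback reader for /dev/urandom-style nodes. Refuses anything that is not
 * a character device (a regular file planted in a chroot would "work" silently)
 * and retries short reads and EINTR instead of trusting a single read(). */
int random_from_device(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) goto fail;
    while (len > 0) {
        ssize_t r = read(fd, buf, len);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) goto fail;      /* EOF or hard error: never pad */
        buf += (size_t)r;
        len -= (size_t)r;
    }
    close(fd);
    return 0;
fail:
    close(fd);
    return -1;
}
/* Preference order from the thread: getentropy() first (at most 256 bytes
 * per call, so chunk the request), /dev/urandom as the fallback. A -1 result
 * must be fatal for the caller; "use zeros" is not a third option. */
int gather_random(unsigned char *buf, size_t len)
{
#ifdef HAVE_GETENTROPY
    size_t done = 0;
    while (done < len) {
        size_t n = len - done > 256 ? 256 : len - done;
        if (getentropy(buf + done, n) != 0) break;   /* e.g. EIO: use device */
        done += n;
    }
    if (done == len) return 0;
#endif
    return random_from_device("/dev/urandom", buf, len);
}
```

On a system without either source, gather_random() fails rather than silently degrading, which is the situation Niels raises for small embedded systems: the fallback has to be a real entropy source, not a mixer fed with nothing.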