random-device purpose in DNSSEC
Michael Graff
mgraff at isc.org
Thu May 10 20:36:40 UTC 2012
Some signature methods require this, some do not. RSA should not (in general) but RSA encryption in practice may. Signing is different, in that you know both halves (encrypted and cleartext) so it should not require padding.
I think DSA does require randomness in signing.
--Michael
On May 10, 2012, at 2:41 PM, Alexander Gurvitz wrote:
> Hello all.
>
> What is random-device used for?
> ARM says "Entropy is primarily needed for DNSSEC operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
>
> This bothers me as I'm implementing DNSSEC now, and I know that my systems
> are low on entropy, and BIND's default random-device is /dev/random,
> and it (the device) blocks when there's no entropy available.
>
> Does BIND really need that entropy, and how much?
>
> Regards,
> Alexander Gurvitz,
> net-me.net
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
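
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not BIND's code: a toy DSA signer draws a fresh random k for every signature, while textbook RSA over a hash consumes no randomness. All parameters, keys and the `CountingRng` helper are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy DSA parameters: P prime, Q prime, Q divides P - 1.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)          # generator of the order-Q subgroup

def h(msg, mod):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % mod

class CountingRng:
    """Wraps the OS CSPRNG and counts how many values signing asks for."""
    def __init__(self):
        self.draws = 0
    def below(self, n):
        self.draws += 1
        return secrets.randbelow(n - 1) + 1   # uniform in [1, n-1]

def dsa_sign(msg, x, rng):
    while True:
        k = rng.below(Q)                      # fresh per-signature secret
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h(msg, Q) + x * r) % Q
        if r and s:                           # retry on a degenerate value
            return r, s

def dsa_verify(msg, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h(msg, Q) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

# Textbook RSA over a hash (no padding, constructed key 61 * 53):
# signing takes no random input, so the same message always signs the same.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753

def rsa_sign(msg):
    return pow(h(msg, RSA_N), RSA_D, RSA_N)

def rsa_verify(msg, sig):
    return pow(sig, RSA_E, RSA_N) == h(msg, RSA_N)
```
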