TLS failed, service in BUSY state, terminated abnormally
Bron Gondwana
brong at fastmail.fm
Mon Sep 6 17:46:22 EDT 2010
On Mon, Sep 06, 2010 at 11:42:38AM +0200, "Clément Hermann (nodens)" wrote:
> On 06/09/2010 11:26, Ethariel wrote:
> > Hello,
> >
> > auto-answering.
> > During the upgrade process the /dev/* permissions were broken. It
> > includes /dev/urandom which I think (can someone confirm) is used by SSL.
>
> Actually SSL is supposed to use /dev/random which provides better
> randomness (because of better entropy gathered via keyboards and disks,
> or better yet, hardware RNG), less likely to be predictable than
> /dev/urandom.

That's a nice theory. Have you seen how many people have posted to this
list about imap freezing and poor throughput that have been caused by
using /dev/random and it blocking?

On the flip side, can you provide a single example of a successful attack
against IMAP connections secured by /dev/urandom?

Denial of service is a credible threat too, and unless you actually have
a hardware randomness generator, the threats of using /dev/random are
generally worse than the threats of using /dev/urandom.

Bron ( who doesn't like black and white advice from ivory towers! )

More information about the Info-cyrus mailing list