pki --gen and Hosts with Low Entropy
Please, add option to choose, which random data surce use to gen key:
Now, pki --gen can use only /dev/random, but you could add option to choose /dev/urandom also.
#1 Updated by Martin Willi over 8 years ago
- Status changed from New to Closed
- Assignee set to Martin Willi
I don't think it is a good idea to get random bytes from /dev/urandom for private key generation.
But if /dev/random does not work for you, you can ./configure strongSwan --with-random-device=/dev/urandom. Or, with the referenced patch, set the strongswan.conf option libstrongswan.plugins.random.random to /dev/urandom.