Feature #221
pki --gen and Hosts with Low Entropy
Start date:
06.09.2012
Due date:
Estimated time:
Resolution:
Description
Please, add option to choose, which random data surce use to gen key:
Now, pki --gen can use only /dev/random, but you could add option to choose /dev/urandom also.
Associated revisions
History
#1 Updated by Martin Willi almost 10 years ago
- Status changed from New to Closed
- Assignee set to Martin Willi
I don't think it is a good idea to get random bytes from /dev/urandom for private key generation.
But if /dev/random does not work for you, you can ./configure strongSwan --with-random-device=/dev/urandom. Or, with the referenced patch, set the strongswan.conf option libstrongswan.plugins.random.random to /dev/urandom.
Add strongswan.conf runtime options for /dev/[u]random files
Fixes #221.