random-device purpose in DNSSEC

Michael Graff mgraff at isc.org
Thu May 10 20:36:40 UTC 2012

Some signature methods require this, some do not.  RSA should not (in general) but RSA encryption in practice may.  Signing is different, in that you know both halves (encrypted and cleartext) so it should not require padding.

I think DSA does require randomness in signing.


On May 10, 2012, at 2:41 PM, Alexander Gurvitz wrote:

> Hello all.
> What random device used for ?
> ARM says "Entropy is primarily needed for DNSSEC operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.
> This bothers me as I'm implementing DNSSEC now, and I know that my systems
> are low at entropy, and BIND default random-device is /dev/random,
> and it (the device) blocks when there's no entropy available.
> Does BIND really needs that entropy, and how much ?
> Regards,
> Alexander Gurvitz,
> net-me.net
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list