Tue, 18 Jan 2000 13:16:25 +0100
On Mon, 17 Jan 2000, Simpson, Sam wrote:
> My understanding is that GPG relies on the OS provided RNG whereas PGP
No. GnuPG used /dev/random as entropy source to seed it's own PRNG.
See Peter Gutmann's paper on generation of practically strong random
> /dev/random devices but on operating systems I wouldn't trust as far as I
> could throw (Winxxxx) then the PGP solution is probably preferable.
PGP 5 version for Unix used the /dev/random too. I have not looked at
the pgp 6.x code.
> Afaik no wipe is present. For half-secure OSs I would expect this function
> to be included as a standard function (C2 criteria talks about wiping before
> reuse etc...). Not sure if Linux wipes before re-use....
I considered to put a very good wiping tool into the GnuPG package but
it turned out that it would make the distribution much larger and
mode complicate to maintain. The next release of the GNU fileutils
will come with this tool. For now, I suggest to use one of the tools
available in the contrib directory or listed somewhere on the website.
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html