batch mode lack of randomness FreeBSD
Henry Hertz Hobbit
hhhobbit7 at netscape.net
Tue Mar 21 14:45:47 CET 2006
Stef Caunter <stef at caunter.ca> wrote:
>I'm sure I have just missed this in the archives, but I cannot see
>mention of a way to get sufficient randomness when running gpg
>remotely in a shell account to batch generate key pairs, i.e.
>
>gpg --gen-key --batch tmp
>
>where tmp is populated according to doc/DETAILS example. Here is
>what I've done to help randomness. I'm just a user on this system
>so my options for IRQ mapping to acquire randomness are limited:
>
>I've started a child process that continually writes to a disk file
>during the --gen-key --batch job...
>
>I have populated ~/.gnupg/random_seed with 600 bytes from
>/dev/urandom
>
>I have asked the admin to add IRQs to rndcontrol.
>
>Is this just the way it is on FreeBSD (4.11-RELEASE)? There is
>plenty of randomness in /dev/urandom, and none in /dev/random...
>
>Stef
>http://caunter.ca/contact.html
Can you ask your admin to add the Entropy Gathering Daemon that is
written in PERL?
http://www.gnupg.org/download/
(search for Entropy)
I can't speak as to the effectiveness or lack thereof of your method.
I am tempted to say that it will probably work, but I may be wrong.
The main point I worry about is when you generate your keys, not when
encrypting stuff. Lucas, who is writing a book on encryption using both
GnuPG and new style PGP uses FreeBSD and I believe he uses the EGD:
http://www.blackhelicopters.org/~mwlucas/reviewers.html
I have no idea how you can get to him because he has finally given
up on email and your message may be considered to be trash. If I
remember correctly, he did say in an email message that he was using
the EGD (Entropy Gathering Daemon). It sounds like you are on a
multi-user system which is NOT a very good state of affairs. If you
have your own system, you can install any of the many good versions
of Linux (make partitions with Partition Magic with an ext3 partitions
for / & /home, another partition for SWAP yet another for a FAT32
partition to transfer files back and forth from Linux to MS Windows.
Only the "/" partition needs to be a Primary partition. All the rest
can be logicals.
Feel free to convert the PERL script to C if you don't think it runs
fast enough. It is Gnu protected so that is permissible.
HHH
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
More information about the Gnupg-users
mailing list