Use of gen-random

Michael mjkortve at
Fri Oct 31 18:31:22 CET 2008

  Hi all, I was trying out one of the options of gpg, as it arose during
a discussion on the group.

  gpg --gen-random [012] n

  does what I would reasonably expect: generates 'n' random bits of data
using one of three methods. However, on reading up the option in the man
page it mentions the possibility of "removing entropy from your system".

  Actually, from the man page:

--gen-random 0|1|2
               Emit _____ random bytes of the given quality level. If

               count is not given  or zero, an endless sequence of
               random bytes will be emitted.  PLEASE, don't use this
                                        	      command unless you know
what you are doing; it may
               remove precious entropy from the system!

   Now I'll admit openly I don't always know /exactly/ what I am doing,
but am prepared to make mistakes to learn. At first I thought perhaps
the documentation writers were having a bit of a joke a la many unix
man pages have a geeky sense of humour. But on reflection I realise
that they are being serious here.

  So I am curious, how might I _lose_ entropy by _generating_ random
numbers? What do each of the three methods do?

  So I experiment, and generate a small number (20 bits) of random
numbers at the command line as per
  gpg --gen-random 0 20
  and it outputs what looks like gibberish to me. I won't copy the
actual output simply because anyone can do this experiment for
themselves to see the sort of output you get.

  But when I use the 2 method, I get an error/warning about running
diskperf in order to generate disk statistics. Well, I don't have
diskperf on my windows system (though there may well be a win version, I
don't know). What I am concerned about is why it might want disk
statistics and have I "lost precious entropy" from my system?

  Let me say, I'm partly humorous here; if I understand roughly what is
happening, then the danger is to not set a specific number of bits and
hence run the risk of gen-random simply emitting random data until it
eventually somehow 'overflows the available randomness' inherent in my
system. But simply outputting 20 random bits wouldn't risk doing that, so
my little experiment is fairly safe. Since it doesn't go much into the
details in the man page about what the methods are, and what the risk
actually is (it may be highly technical and hence beyond the scope of a
manual) it seems appropriate to ask in this forum, since it came up.

  Although my background is technical, and I can understand mathematical
expressions, I don't read source code for breakfast and am really more
curious about the engineering details of what is going on rather than a
mathematical description. Where does gpg "gather" it's randomness, and
just how much is available in a simple system such as mine?

  And just finally, may I take the opportunity to say how much I enjoy
the various discussions in this group, generally the quality of the
questions and the help has consistently been excellent.

  Cheers for now,
Michael Kortvelyesy.

More information about the Gnupg-users mailing list