How to compile libgcrypt.dll

Werner Koch wk at gnupg.org
Thu Feb 10 12:37:55 CET 2005


On Wed,  9 Feb 2005 21:41:16 -0500 (EST), Anonymous  said:

> practical.  On a 1.6Ghz desktop machine under 'normal' load, 1024-bit
> DSA signatures take *45 seconds* to compute.  This delay is unacceptable

I don't have these problems.  The trick is to keep the random state on
disk so that random of quality GCRY_STRONG_RANDOM (which is sufficient
for the DSA's K as well as for session keys) does not require to
initialzie the pool from scratch.

Simply do a 

  gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, filename);

at startup to read the existing random seed and a 

  gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);

right before you exit your process.

> Since it sounds like you're not a big fan of switching completely to the
> CryptoAPI, would you be interested if I wrote an improved patch to add a

No thanks.

  Werner




More information about the Gcrypt-devel mailing list