fwd: What good is this really going to be?

John A. Martin jam at jamux.com
Fri Dec 4 19:34:40 CET 1998


Do the dire RNG warnings below arise because the kludge RNG is used
when signing a file or just because a gpg compiled with the kludge was
started?

	jam

------- Forwarded Message

To: "John A. Martin" <jam at jamux.com>
Subject: What good is this really going to be?
Date: 04 Dec 1998 04:45:11 -0800

Um, John, this kind of output doesn't exactly give me the warm &
fuzzies.

With some difficulty I was able to create a secret/public key pair on
a Linux box with /dev/random and import it to the BSDI box, but ...



gpg (GnuPG) 0.4.4; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: Warning: using insecure memory!
Reading passphrase from file descriptor 0    

You need a passphrase to unlock the secret key for
user: "XEmacs Distribution Builder (Key used for signing XEmacs distributions) <xemacs-dist at xemacs.org>"
(1024-bit DSA key, ID DCF80B6B, created 1998-12-04)

gpg: WARNING: using insecure random number generator!!
The random number generator is only a kludge to let
it compile - it is in no way a strong RNG!

DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!


------- End of Forwarded Message





More information about the Gnupg-devel mailing list