CTC
Werner Koch
wk at isil.d.shuttle.de
Fri Feb 20 18:54:57 CET 1998
Anand Kumria <wildfire at progsoc.uts.edu.au> writes:
> Ian Miller <Ian_Miller at bifroest.demon.co.uk>
I wrote to him yesterday.
> Since it is under the GPL it should be possible to grab things they've done
> nicely. Perhaps the PRNG? I've found G10's PRNG to be pretty slow (>60
> mins to generate a 2K key on my 486).
It's not a PRNG but an RNG. It uses the Linux /dev/random to get random
bytes. This device collects randomness from different sources: interrupts,
key hits, serial port activity (mouse) and estimates how much randomness is
available (/dev/urandom doesn't stop, but uses a PRNG based on the hash
functions). Theoretically it is good to do this in the kernel, but it is
slow.
With one of the last releases I increased the speed of key generation by
using /dev/urandom for prime number generation, because the prime is part
of the public key (and may even be shared among many users) and does not
need a strong random number (like RSA). The secret parameter is one
random integer which is of course generated from /dev/random; this device
does not deliver if there is no noise in your box - from my experience it is
best to switch to another window and keep hacking on the keyboard (somewhat
like the old PGP).
I browsed through the CTC source, but they have only a dummy random
generator for now. It would be a good idea if someone could write this
RNG for G10, so I can switch to version 0.3.
> Perhaps CTC and G10 can be successfully merged? I was just thinking about
> pulling the hashing functions that G10 has into a library (say libhash).
I'll do a library (of fundamental cryptographic functions) sometime in the
future. Let's see what Ian says.
--
Werner
finger gcrypt at ftp.guug.de for G10 key
fingerprint = 8489 6CD0 1851 0E33 45DA CD67 036F 11B8 FF3E AA0B
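
The split described in the message above (non-blocking /dev/urandom for the public prime, /dev/random for the one secret integer), as an added Python example; it is not code from the post or from G10. The ElGamal-style layout with a safe prime and g = 4, and all function names, are assumptions made for illustration.

```python
# Added illustration; names and parameters are assumptions, not G10 code.
URANDOM = "/dev/urandom"   # never stops; used here for public values only
RANDOM = "/dev/random"     # entropy-estimating device; used for the secret

def read_int(device, nbits):
    """Read nbits from a kernel random device and return them as an integer."""
    nbytes = (nbits + 7) // 8
    with open(device, "rb", buffering=0) as f:
        data = b""
        while len(data) < nbytes:          # /dev/random may return short reads
            data += f.read(nbytes - len(data))
    return int.from_bytes(data, "big") >> (nbytes * 8 - nbits)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; the bases are public, so /dev/urandom is enough."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + read_int(URANDOM, n.bit_length() + 8) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_key(nbits):
    """Return (p, g, y, x): public safe prime p, base g, public y, secret x."""
    while True:                             # prime search draws only on /dev/urandom
        q = read_int(URANDOM, nbits - 1) | (1 << (nbits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = 4                                   # 2^2 has prime order q modulo a safe prime
    x = 1 + read_int(RANDOM, nbits + 64) % (q - 1)   # the only /dev/random read
    return p, g, pow(g, x, p), x
```

On Linux kernels since 5.6, /dev/random no longer blocks once the pool is initialised, so the single read for the secret returns immediately there.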