Porting GNUPG

Matthew Skala mskala at ansuz.sooke.bc.ca
Sun Sep 13 17:44:18 CEST 1998


On Sun, 13 Sep 1998, Dave Smith wrote:
> the program for decryption and encryption. Do I understand correctly that
> GNUPG does *not* use a RNG for those purposes??! More specifically, what

I don't know exactly what GPG uses the RNG for, but ElGamal encryption and
DSS require a strong RNG as part of their definition, and their security
is heavily dependent on the strength of the RNG.  The RSA cipher does not
use an RNG itself, but any standard implementation of it will use an RNG
to generate padding to protect against various known weaknesses.  Any
block cipher chaining mode that needs an initialization vector should
preferably use a strongly-random initialization vector; I believe that
would apply to the Blowfish and similar ciphers included in GPG.  I think
the OpenPGP format and protocols also mandate random padding in a number
of places for various security reasons.  In short, trying to use GPG
without a strong random number generator is probably a bad idea, and is
certainly suicidally insecure for anything but "conventional" symmetric
encryption. 

"Let me lose so beautifully               http://www.islandnet.com/~mskala/
 Let me lick the dew from the money tree           Matthew Skala
 Have the moms of the world all care about me        Ansuz BBS
 At suppertime"                        - Odds     (250) 472-3169
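As an added illustration (not part of the post and not GnuPG code) of the DSS dependence the reply describes: a toy DSA over a constructed group (p=607, q=101, g=64, far too small for real use) with a stand-in hash, signed once with a proper nonce source and once with a constant-returning "RNG"; the second case produces signatures that share r, which is the observable sign that the per-signature nonce was repeated.

```python
import secrets

# Toy DSA group, constructed for illustration only: q | p-1 and g has order q mod p.
# Real DSS parameters are thousands of bits; these just keep the arithmetic visible.
P, Q, G = 607, 101, 64

def toy_hash(msg: bytes) -> int:
    """Stand-in for the message digest, reduced into Z_q (not a real hash)."""
    return sum(msg) % Q

def keygen(x=None):
    """Private key x in [1, q-1] (random unless given), public key y = g^x mod p."""
    x = x if x is not None else 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)

def sign(x: int, msg: bytes, rng=secrets.randbelow):
    """DSA signature; rng(n) returns a value in [0, n) and is the nonce source."""
    for _ in range(1000):
        k = 1 + rng(Q - 1)                      # per-signature secret nonce
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (toy_hash(msg) + x * r)) % Q
        if r and s:
            return r, s
    raise RuntimeError("nonce source produced no usable k")

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (toy_hash(msg) * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r

def nonce_reused(sigs) -> bool:
    """Audit check: two signatures under one key sharing r means k was repeated."""
    rs = [r for r, _ in sigs]
    return len(rs) != len(set(rs))

def demo_fresh_nonce():
    """Proper RNG: signatures on the same message verify."""
    x, y = keygen()
    sigs = [sign(x, b"msg1"), sign(x, b"msg1")]
    return [verify(y, b"msg1", s) for s in sigs]

def demo_broken_rng():
    """Constant 'RNG' (constructed): every signature uses k = 8, so r repeats."""
    x, y = keygen(x=5)
    msgs = (b"msg1", b"msg2")
    sigs = [sign(x, m, rng=lambda n: 7) for m in msgs]
    return sigs, all(verify(y, m, s) for m, s in zip(msgs, sigs)), nonce_reused(sigs)
```

Both runs verify correctly, which is the point: the verifier cannot tell a good nonce from a repeated one, so only the quality of the RNG protects the private key.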