Porting GNUPG

Werner Koch wk at isil.d.shuttle.de
Mon Sep 14 10:00:43 CEST 1998


"Paul D. Smith" <psmith at BayNetworks.COM> writes:

> Isn't the method PGP uses to generate random numbers sufficiently strong
> for the purposes of GnuPG too?  Is there some reason that method hasn't
> been implemented, except for 'tuits?

Measurement of key hit timings is not easy on a unix box and less
secure than what you can do under DOS.  The Linux random number 
generator is much better as a source for random number.  In addition
to this GNUPG implements all requirements from RFC1750.


Werner





More information about the Gnupg-devel mailing list