Porting GNUPG

Zack Weinberg zack at rabi.columbia.edu
Mon Sep 14 09:11:25 CEST 1998

On Mon, 14 Sep 1998 09:00:43 +0200, Werner Koch wrote:
>"Paul D. Smith" <psmith at BayNetworks.COM> writes:
>> Isn't the method PGP uses to generate random numbers sufficiently strong
>> for the purposes of GnuPG too?  Is there some reason that method hasn't
>> been implemented, except for 'tuits?
>Measurement of key hit timings is not easy on a unix box and less
>secure than what you can do under DOS.  The Linux random number 
>generator is much better as a source for random number.  In addition
>to this GNUPG implements all requirements from RFC1750.

As far as I know no commercial Unix has a /dev/random.  How does GPG
generate random numbers on those systems?


More information about the Gnupg-devel mailing list