Porting GNUPG

Werner Koch wk at isil.d.shuttle.de
Mon Sep 14 16:58:08 CEST 1998


Matthew Mastracci <mmastrac at ucalgary.ca> writes:

>  - Various system parameters (OS version, CPU type, etc)
>  - Name of the computer
>  - Name of the user

This is static data which does not chnage and is easy to guess.

>  - The previous MD5'd string

This does not add any entropy.  You need a hardware source to add more
entropy; a interrupt can be considered as a hardware source.  Don't 
use the values of the keys the user hist but only the timings.  

Mixing is not needed as the core random function already take care of
that.  Peter gives good examples how to collect entropy on a DOS box.


Werner








More information about the Gnupg-devel mailing list