Q: When is the RNG needed?

Werner Koch wk at frodo.isil.d.shuttle.de
Fri Jan 29 11:53:02 CET 1999


Stainless Steel Rat <ratinox at peorth.gweep.net> writes:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> "MFvM" == Michael Fischer von Mollard <fischer at math.uni-goettingen.de> writes:
> 
> MFvM> Just a short question: When is the RNG actually needed? Only for key
> MFvM> generation?
> 
> No, the PRNG is required every time a session key is generated, as the PRNG 
> is the source of the session key.

It is not a pseudo-RNG that is needed but an RNG.  The difference is that a PRNG
outputs a well defined sequence of random bytes once it has been
seeded.

DSA signatures and ElGamal encryption rely on a secret parameter k
which is only needed during the process of signing/encrypting and
this k never leaves the function.  This k has to be generated by a
*good* RNG otherwise your secret key will leak out.


   Werner
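The following is an added worked example, not code from the post above or from GnuPG, illustrating the last paragraph on toy DSA parameters. It assumes a hypothetical "bad RNG" modelled as a PRNG re-seeded from a predictable constant (so it hands out the same k twice) and contrasts it with `secrets`, which draws from the operating system's entropy source. The parameter sizes (a 64-bit q) and the fixed private key are constructed for illustration only; a real deployment uses standardised parameter sizes.

```python
"""
Toy DSA: why the per-signature secret k needs a good RNG.
Added example (not from the mailing-list post or GnuPG).
Requires Python 3.8+ for pow(a, -1, q).
"""
import hashlib
import random
import secrets

_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_dsa_params(qbits: int = 64):
    """Deterministically derive (p, q, g): q prime, p = n*q + 1 prime, g of order q.
    Constructed toy sizes, chosen so SHA-256 mod q is effectively collision-free."""
    q = (1 << qbits) | 1
    while not is_probable_prime(q):
        q += 2
    n = 2
    while not is_probable_prime(n * q + 1):
        n += 1
    p = n * q + 1
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
        h += 1


def hash_mod_q(message: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q


def sign(params, x, message, k):
    """Textbook DSA: r = (g^k mod p) mod q, s = k^-1 (H(m) + x r) mod q."""
    p, q, g = params
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (hash_mod_q(message, q) + x * r)) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate k, pick another")
    return r, s


def verify(params, y, message, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = (hash_mod_q(message, q) * w) % q
    u2 = (r * w) % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def recover_x_from_shared_k(params, m1, sig1, m2, sig2):
    """Two signatures with the same k share r; the two linear equations in
    (k, x) then determine k, and from k the long-term secret x."""
    _, q, _ = params
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("signatures do not share k")
    h1, h2 = hash_mod_q(m1, q), hash_mod_q(m2, q)
    k = ((h1 - h2) * pow(s1 - s2, -1, q)) % q
    return ((s1 * k - h1) * pow(r1, -1, q)) % q


def demo():
    """Returns (key leaked under the bad RNG?, r values differ under a good RNG?)."""
    params = toy_dsa_params()
    p, q, g = params
    x = 123456789                      # constructed long-term private key
    y = pow(g, x, p)

    def bad_k():
        # Hypothetical bad RNG: PRNG re-seeded from a predictable constant
        # (think of a fixed or timestamp-derived seed) -> same k every call.
        return random.Random(20240101).randrange(1, q)

    m1, m2 = b"first message", b"second message"
    sig1, sig2 = sign(params, x, m1, bad_k()), sign(params, x, m2, bad_k())
    assert verify(params, y, m1, sig1) and verify(params, y, m2, sig2)
    leaked = recover_x_from_shared_k(params, m1, sig1, m2, sig2) == x

    # Good RNG: an independent k per signature, so r differs and the two
    # equations no longer share the unknown k.
    good1 = sign(params, x, m1, secrets.randbelow(q - 1) + 1)
    good2 = sign(params, x, m2, secrets.randbelow(q - 1) + 1)
    return leaked, good1[0] != good2[0]


if __name__ == "__main__":
    print(demo())
```

The point the post makes is visible in `recover_x_from_shared_k`: k never leaves `sign`, yet a predictable k (here, a reseeded PRNG) lets anyone holding two signatures solve for it and then for x. The same algebra applies to ElGamal's per-encryption k, which is why GnuPG draws k from the entropy-backed RNG rather than from a seeded PRNG.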
More information about the Gnupg-devel mailing list