Alternate egd socket

Dave Dykstra dwd at
Thu Feb 10 12:05:24 CET 2000

On Thu, Feb 10, 2000 at 06:05:59PM +0100, Werner Koch wrote:
> On Thu, 10 Feb 2000, Dave Dykstra wrote:
> > Also, EGD can eat up a lot of memory, especially if multiple people are
> > running it.  At least GnuPG offers the "rndunix" alternative to EGD (on
> EGD should be run as system service to replace the missing /dev/random
> (okay not a real replace but in the case of GnuPG it is a replace because
> /dev/random is used only as a seed to the internal PRNG).  IMO it does
> not make sense to run it for each user - quite bad for system load.

Yes, it is.  Do you agree that it is a security problem if you let any user
create the /tmp/entropy to be shared by everybody?


> IMHO, is someone is able to access the random seed file, he will also
> be able to access the secret keyring ... well, and then he loads it
> down starts a dictionary attack and in kost cases he will be able to
> get the passphrase.  Why the trouble and messing with random numbers
> to get _one_ message decoded when you are abe to get the secret key.

Yes, I was thinking that too; I just didn't know if it was possible to
get any useful information from the random seed file, and it sounds like
it isn't.

> Let's see whether I can implement it for the next release.

Cool, thanks.  That will permit fast, convenient --encrypt without any
superuser intervention on machines that don't have /dev/random.  After that
I think the only reason to use EGD would be for a faster --gen-key.

You could perhaps borrow some stuff for handling the random seed file from
the last free version of ssh at
That's what OpenSSH folks plan to do.

- Dave Dykstra

More information about the Gnupg-devel mailing list