Alternate egd socket

Enzo Michelangeli em at who.net
Fri Feb 11 17:40:09 CET 2000


----- Original Message -----
From: Alexander Zimmermann <Alexander.Zimmermann at fmi.uni-passau.de>
To: <gnupg-devel at gnupg.org>
Sent: Friday, February 11, 2000 16:17
Subject: Re: Alternate egd socket


> On 10 Feb, Werner Koch wrote:
> > On Thu, 10 Feb 2000, Dave Dykstra wrote:
> >
> >> Yes, it is.  Do you agree that it is a security problem if you let any
user
> >> create the /tmp/entropy to be shared by everybody?
> >
> > Sure.  Maybe it is better to put it into /var/lib/egd/entropy as /etc
> > maybe readonly but I don't know about file system standards on other
> > systems aside GNU and Linux.
> >
> At the moment I start EGD in runlevel 2 with uid root and socket
> /tmp/.gnupg/entropy. Therefore /tmp/.gnupg/entropy exists before any
> user has the chance to log in, and /tmp/.gnupg only has write permission
> for root itself.
>
> > Better get at least _some_bytes from EGD and use an option to disable
> > it entirely.
>
> That would be cool. As it's really annoying waiting more than 1 minute
> to get 1kB encrypted.


So, why don't you just run EGD with the option "--bottomless"? As I
understand it, it should then emulate the non-blocking behaviour of
/dev/urandom instead of the blocking one of /dev/random . The seeding of the
PRNG with true random data will occur anyway, but you'll avoid the annoying
and not really necessary pauses.

Enzo




More information about the Gnupg-devel mailing list