alternative random device

David Shaw dshaw at
Mon Feb 10 02:58:02 CET 2003

On Sun, Feb 09, 2003 at 07:21:28PM +0000, Matthew Byng-Maddick wrote:
> On Sun, Feb 09, 2003 at 07:58:38PM +0100, Janusz A . Urbanowicz wrote:
> > Jacob Perkins napisał[a]/wrote/schrieb:
> > > I'm not sure how common this is, but I am using gentoo, which
> > > provides a /dev/urandom device, which seems to have much better
> > > performance than /dev/random. I actually had to restart earlier
> > > because /dev/random stopped working, and gnupg couldn't generate
> > > any keys, though /dev/urandom worked fine.  Is it possible to
> > > configure gnupg to use /dev/urandom instead of /dev/random?
> > > How? --enable-static-rnd doesn't seem to allow specifying the
> > > device.  If it currently isn't possible, I think a configure time
> > > option should be added, maybe --random-device=.  This is all
> > > with gnupg-1.2.1

> > This is a feature.  /dev/random is assumed to be a source of
> > cryptographically safe random bits, while /dev/urandom is
> > not. No one should use /dev/urandom for crypto.

> This depends on the type of crypto, in fact. Something like the
> secret number in a (session) DH key is perfectly adequately
> generated by /dev/urandom, because you're very unlikely to be able
> to recover the state, however something like a long-lived private
> key is a bad thing to be generating in that way, because you would
> rather have real randomness than any sort of (possibly recoverable
> later with some attack on the random device) pseudo-randomness.

GnuPG in fact uses both /dev/random and /dev/urandom in the way you
discuss.  There is a notion of multiple quality levels of randomness.
/dev/random is used when necessary, and /dev/urandom is used the rest
of the time.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
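
An added example, not part of the original message and not GnuPG source code: a minimal C sketch of choosing the random device by quality level, as the thread describes. The names rnd_quality, rnd_device_for and rnd_gather and the two-level split are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed two-level split, following the thread: session vs. long-lived. */
enum rnd_quality { RND_SESSION = 1, RND_LONG_LIVED = 2 };

/* Only long-lived key material pays for the blocking device. */
const char *rnd_device_for(enum rnd_quality q)
{
    return q >= RND_LONG_LIVED ? "/dev/random" : "/dev/urandom";
}

/* Fill buf with len bytes for quality q. Returns 0 on success, -1 on error. */
int rnd_gather(enum rnd_quality q, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(rnd_device_for(q), O_RDONLY);

    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got); /* short reads are normal */
        if (n > 0) {
            got += (size_t)n;
        } else if (n < 0 && errno == EINTR) {
            continue;                   /* interrupted by a signal: retry */
        } else {
            memset(buf, 0, len);        /* never hand back a partial buffer */
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char nonce[16];
    if (rnd_gather(RND_SESSION, nonce, sizeof nonce) != 0)
        return 1;
    for (size_t i = 0; i < sizeof nonce; i++)
        printf("%02x", nonce[i]);
    printf("  (from %s)\n", rnd_device_for(RND_SESSION));
    return 0;
}
```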
