True RNG and GnuPG / libgcrypt

Leo Gaspard ekleog at
Thu Oct 3 13:55:33 CEST 2013

On Wed, Oct 02, 2013 at 03:49:21PM -0700, Charles Swiger wrote:
> Indeed, putting a hopefully-strong (but maybe not) RNG or PRNG behind a hash
> function like AES-256 is the notion which algorithms like Yarrow and Fortuna
> use, and which FreeBSD and MacOS X in turn use for our /dev/random devices:
> It might be nice to accurately know whether a platform provides a trustworthy
> and genuinely random /dev/random, but there is no reason preventing GnuPG /
> libcrypt from doing Fortuna in userspace (aside spending some extra
> memory and CPU resources) so that it doesn't have to trust the quality
> of /dev/random.

Knowing that /dev/random is directly OS-managed, distrusting it is directly like
distrusting the OS. (Assuming the OS claims it has a secure randomness

And, once you do not trust your own OS, you can trust absolutely no program
running on it. Thus you are not able to trust GnuPG, if you run it on your
not-trusted OS.

So I believe implementing a fortuna "generator" in GnuPG is not the most urgent
improvement to be made -- though I know nothing of GnuPG's current most-wanted



More information about the Gnupg-devel mailing list