excessive usage of /dev/random?

Charles Swiger cswiger at mac.com
Fri May 1 18:41:50 CEST 2015


On May 1, 2015, at 2:15 AM, Bjarni Runar Einarsson <bre at pagekite.net> wrote:
> I just wanted to chime in and point out that this decision has a cost
> for the usability and complexity of apps like Mailpile, where the first
> thing we do upon setup is create a key for the user if one does not
> exist already. It's common for key creation (for a 4096 bit key) to take
> over 10 minutes and I've seen it take well over 30.

I'd suggest looking into Yarrow or Fortuna, which are CSPRNG algorithms
intended to be suitable for generating crypto keys.  If your operating system
doesn't already use them-- I believe FreeBSD, MacOS X, and some other BSD flavors
use Yarrow + hardware entropy harvesting in their /dev/random implementation--
one can implement the algorithms in userland and minimize the drain against a
blocking /dev/random.

Regards,
-- 
-Chuck




More information about the Gnupg-devel mailing list