excessive usage of /dev/random?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 1 20:21:35 CEST 2015


On Fri 2015-05-01 12:41:50 -0400, Charles Swiger wrote:
> On May 1, 2015, at 2:15 AM, Bjarni Runar Einarsson <bre at pagekite.net> wrote:
>> I just wanted to chime in and point out that this decision has a cost
>> for the usability and complexity of apps like Mailpile, where the first
>> thing we do upon setup is create a key for the user if one does not
>> exist already. It's common for key creation (for a 4096 bit key) to take
>> over 10 minutes and I've seen it take well over 30.
>
> I'd suggest looking into Yarrow or Fortuna, which are CSPRNG algorithms
> intended to be suitable for generating crypto keys.  If your operating system
> doesn't already use them-- I believe FreeBSD, MacOS X, and some other BSD flavors
> use Yarrow + hardware entropy harvesting in their /dev/random implementation--
> one can implement the algorithms in userland and minimize the drain against a
> blocking /dev/random.

GnuPG already implements a CSPRNG, as noted upthread by Werner.  I'm
asking here about whether we are over-seeding it.  I'm not trying to
reopen the whole discussion about what specific CSPRNG we should be
using in GnuPG.  If anyone wants to have that discussion, can we please
have it in a separate thread?

       --dkg


