excessive usage of /dev/random?
cswiger at mac.com
Fri May 1 20:43:38 CEST 2015
On May 1, 2015, at 11:21 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
[ ... ]
> GnuPG already implements a CSPRNG, as noted upthread by Werner. I'm
> asking here about whether we are over-seeding it.
Drawing ~300 bytes from /dev/random to create a ~2048 bit keypair seems
entirely reasonable. Whether that should go through a CSPRNG depends on
how good the CSPRNG is compared to the /dev/random implementation.
> I'm not trying to
> reopen the whole discussion about what specific CSPRNG we should be
> using in GnuPG. If anyone wants to have that discussion, can we please
> have it in a separate thread?
Excuse me, Daniel-- I'd replied to Bjarni, not a post made by you.
It seemed germane to the origin of the thread because the reason why someone
might care about pulling 300 bytes from /dev/random (versus 200 or whatever),
is because your platform has a blocking /dev/random implementation.
More information about the Gnupg-devel