excessive usage of /dev/random?

Charles Swiger cswiger at mac.com
Fri May 1 20:43:38 CEST 2015

On May 1, 2015, at 11:21 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
[ ... ]
> GnuPG already implements a CSPRNG, as noted upthread by Werner.  I'm
> asking here about whether we are over-seeding it.

Drawing ~300 bytes from /dev/random to create a ~2048 bit keypair seems
entirely reasonable.  Whether that should go through a CSPRNG depends on
how good the CSPRNG is compared to the /dev/random implementation.

> I'm not trying to
> reopen the whole discussion about what specific CSPRNG we should be
> using in GnuPG.  If anyone wants to have that discussion, can we please
> have it in a separate thread?

Excuse me, Daniel-- I'd replied to Bjarni, not a post made by you.

It seemed germane to the origin of the thread because the reason why someone
might care about pulling 300 bytes from /dev/random (versus 200 or whatever),
is because your platform has a blocking /dev/random implementation.


More information about the Gnupg-devel mailing list