excessive usage of /dev/random?

Charles Swiger cswiger at mac.com
Fri May 1 21:11:22 CEST 2015

On May 1, 2015, at 11:40 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> I'd suggest looking into Yarrow or Fortuna, which are CSPRNG
>> algorithms intended to be suitable for generating crypto keys.
> Yarrow's troublesome to implement, in that it requires accurate
> estimates of available entropy pools and how they refresh.

True.  I can recall vigorous debate about tweaking the # of bits
of entropy one could assume from various HW sources on the FreeBSD lists.

They ended up picking conservative estimates since it still provided
a sufficient amount of entropy for Yarrow to supply megabytes per second
from /dev/random.  (Except diskless systems, perhaps, since I/O completion
time is usually a major source of entropy, unless a hardware RNG is handy.)

> Fortuna has a simpler design.  The Yarrow authors recommend using Fortuna, and one
> of them has declared Yarrow will no longer receive support or updates.

Agreed.  I've love to see Fortuna get adopted more widely; it would make
a worthy project for someone (GSoC?).


More information about the Gnupg-devel mailing list