excessive usage of /dev/random?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat May 2 00:45:12 CEST 2015

Werner Koch <wk at gnupg.org> writes:

>300 bytes are only 2400 bit which is sufficient for a 2048 bit RSA key. For a
>4096 bit RSA key, which many people started to use, this is not sufficient.

It should be plenty.  Cryptographic numerology (http://www.keylength.com/)
tells us that a 2048-bit RSA key needs about 103 bits of entropy, and a 4096
bit key needs about 142 bits (with a bit of variation depending on whose
numerology you're using).  So take 150 bits of RNG output, feed it into a PRF,
and you're done.


More information about the Gnupg-devel mailing list