Speading up key generation

Dashamir Hoxha dashohoxha at gmail.com
Fri May 6 18:41:00 CEST 2016


Hi,

We all know that generating new keys currently takes a lot of time,
especially on headless environments. There are several suggestions
on the internet about how to improve this, but most of them are criticized
for making the security weaker (by lowering the quality of randomness
that they generate).

One of the suggestions is to use haveged[1]. I havn't seen any criticizm
about it yet. Is it really safe? If yes, why it is not used by default in
gpg?
Because it indeed improves the time of key generation greatly.

Peace,
Dashamir

P.s. I have started to play with the latest version of GnuPG (2.1)
in Ubuntu-16.04, and I see lots of improvements compared to gnupg-2.0
Some of these improvements make obsolete some of the things
that I have tried to fix with egpg, and this is great, because I don't want
egpg to be a bloated bunch of scripts and tricks, I'd like it to be as lean
as possible.

[1]: http://www.issihosts.com/haveged/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160506/9702145d/attachment-0001.html>


More information about the Gnupg-devel mailing list