Key generation: is it possible to fail fast?

Bjarni Runar Einarsson bre at pagekite.net
Fri Feb 17 14:39:01 CET 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello gnupg-devel!

I am pondering the problem of key generation vs. system entropy.
In short, it's a pretty bad user experience if key generation
takes a very long time (potentially forever). This sort of thing
happens especially in virtual machine environments.

If the system doesn't have enough entropy, and generates entropy
too slowly to create a key within a "reasonable time frame",
would it be possible to detect that and fail early? Is it
possible to estimate how long key generation will take?

Of course, anything that can be done to speed up key generation
would be ideal, but I do understand that the GnuPG project would
very much like to avoid generating weak keys.

Thanks,
 - Bjarni

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJYpvz3AAoJEI4ANxYAz5SRizgH/2axueHMsPdTlMHi5U+H2X9X
4z1AXUYX+M0kBrIXD4QlTUiQYwblujY2hf+zIIiPD4KYFXWes1pYzeWfZ1fuMQs2
jd71+wSjrKUTQUX+cnBSEcpnmlz4grr0yTD+Kz6HNO+sHZ0Evl6qivJwTnj3J/Qb
AiIX0fNFrRnWjaiFheq+jk/TPZ8ATmUQK5FjzlqiQmtJQXEnzSb3J8sgJSWbt5Ck
0vsQRdI/v6UBM24o2ybqEfET658jvczLozeO3z2yDqp2kjPKQPuMhGvWBuBmfRBW
WTuBAQP87gZgupq3s0aqpgFUnLQ4jydtPtoPalHih3+7J4l0CKsolAmFTLvRReY=
=DIbL
-----END PGP SIGNATURE-----


More information about the Gnupg-devel mailing list