Key generation: is it possible to fail fast?
justus at g10code.com
Fri Feb 17 15:59:12 CET 2017
Bjarni Runar Einarsson <bre at pagekite.net> writes:

> I am pondering the problem of key generation vs. system entropy.
> In short, it's a pretty bad user experience if key generation
> takes a very long time (potentially forever). This sort of thing
> happens especially in virtual machine environments.
>
> If the system doesn't have enough entropy, and generates entropy
> too slowly to create a key within a "reasonable time frame",
> would it be possible to detect that and fail early? Is it
> possible to estimate how long key generation will take?
>
> Of course, anything that can be done to speed up key generation
> would be ideal, but I do understand that the GnuPG project would
> very much like to avoid generating weak keys.

At our last hackathon we briefly pondered an idea to make key generation
appear fast without compromising on key strength: When the frontend
starts a new key generation wizard, start collecting entropy in the
backend, and use this to speed up the generation once the user completed

With such a design, the frontend could even ask the backend on the
progress, and detect entropy-starved environments before attempting the

Sadly the idea was not popular.