Key generation: is it possible to fail fast?

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Feb 17 16:27:39 CET 2017


On February 17, 2017 4:17:13 PM GMT+01:00, Tobias Mueller <muelli at cryptobitch.de> wrote:
>Hi.
>
>On Fri, Feb 17, 2017 at 01:39:01PM -0000, Bjarni Runar Einarsson wrote:
>> If the system doesn't have enough entropy, and generates entropy
>> too slowly to create a key within a "reasonable time frame",
>> would it be possible to detect that and fail early?
>Hm. I guess you could run a timer and abort the key generation (e.g.
>kill the process) if it's taking you too long.
>
>> Of course, anything that can be done to speed up key generation
>> would be ideal
>ECC keys are super fast to generate.
>
>I've seen people installing haveged in virtual machine environments
>to emulate entropy.

I prefer adding a TRNG (like NeuG (reads noisy)) by gniibe on the hypervisor and accessing that from within the VMs (libvirt+qemu+kvm), works like a charm.

>
>Cheers,
>  Tobi


--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
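
The timer-and-abort idea from the thread, combined with an up-front look at the kernel's entropy estimate, as an added example that is not code from any of the posters or from GnuPG. `run_with_deadline` and `entropy_available` are hypothetical names, the `/proc` path assumes Linux, and the key generation command is whatever the caller passes in.

```python
import os
import signal
import subprocess
import sys

ENTROPY_PATH = "/proc/sys/kernel/random/entropy_avail"  # assumption: Linux

def entropy_available(path=ENTROPY_PATH):
    """Kernel entropy estimate in bits, or None where it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def run_with_deadline(cmd, deadline_s, min_entropy=None,
                      entropy_path=ENTROPY_PATH, grace_s=2.0):
    """Run cmd, refusing to start on a starved pool and killing it at the deadline.

    Returns (status, returncode); status is 'ok', 'failed',
    'low-entropy' or 'timeout'.
    """
    if min_entropy is not None:
        bits = entropy_available(entropy_path)
        if bits is not None and bits < min_entropy:
            return ("low-entropy", None)  # fail before any work is started
    # Own session and process group, so helpers forked by cmd are signalled too.
    proc = subprocess.Popen(cmd, start_new_session=True)
    try:
        rc = proc.wait(timeout=deadline_s)
        return ("ok" if rc == 0 else "failed", rc)
    except subprocess.TimeoutExpired:
        pass
    # Deadline passed: ask politely first, then force.
    for sig in (signal.SIGTERM, signal.SIGKILL):
        try:
            os.killpg(proc.pid, sig)
        except ProcessLookupError:
            break  # group already gone
        try:
            proc.wait(timeout=grace_s)
            break
        except subprocess.TimeoutExpired:
            continue
    return ("timeout", proc.wait())

if __name__ == "__main__":
    # Constructed stand-in for a key generation command that takes too long.
    slow = [sys.executable, "-c", "import time; time.sleep(30)"]
    print(run_with_deadline(slow, deadline_s=1.0, min_entropy=64))
```
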


