Key generation: is it possible to fail fast?

Bjarni Runar Einarsson bre at pagekite.net
Fri Feb 17 16:15:28 CET 2017


Hi Justus,

Justus Winter <justus at g10code.com> wrote:
> At our last hackathon we briefly pondered an idea to make key
> generation appear fast without compromising on key strength:
> When the frontend starts a new key generation wizard, start
> collecting entropy in the backend, and use this to speed up the
> generation once the user completed the wizard.

Interesting idea.

This might improve the experience of manual users, but for tools
which use GnuPG as a backend/API, this wouldn't change anything
since the wizard would be completed instantly.

It also probably only helps if the kernel's entropy pool is
nearly full when GnuPG is started. If it's not, then the total
time will remain unchanged because the kernel is already
gathering entropy in the background, no matter what GnuPG is
doing.

 - Bjarni


