Key generation: is it possible to fail fast?
Bjarni Runar Einarsson
bre at pagekite.net
Fri Feb 17 16:15:28 CET 2017
-----BEGIN PGP SIGNED MESSAGE-----
Justus Winter <justus at g10code.com> wrote:
> At our last hackathon we briefly pondered an idea to make key
> generation appear fast without compromising on key strength:
> When the frontend starts a new key generation wizard, start
> collecting entropy in the backend, and use this to speed up the
> generation once the user completed the wizard.
This might improve the experience of manual users, but for tools
which use GnuPG as a backend/API, this wouldn't change anything
since the wizard would be completed instantly.
It also probably only helps if the kernel's entropy pool is
nearly full when GnuPG is started. If it's not, then the total
time will remain unchanged because the kernel is already
gathering entropy in the background, no matter what GnuPG is
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the Gnupg-devel