Key generation: is it possible to fail fast?

Bjarni Runar Einarsson bre at pagekite.net
Mon Feb 20 10:50:32 CET 2017


Hi Justus!

Justus Winter <justus at g10code.com> wrote:
> 
> Sorry, I didn't get the idea across. I meant to say that a
> frontend like the MUA can communicate that it started a key
> generation wizard to GnuPG running as a background service.

Thank you for the clarification. However, even this fails badly
in two ways:

1) User doesn't complete the form, aborts and then starts over -
except now the entropy pool has been drained.

2) Key generation is fully automatic, there's no form for the
user to fill out... but I still need to inform them that key
generation is happening and request they don't close the app
itself. :-)

Either way, Werner is right, when the entropy is replenished too
slowly we're talking about key generation times well above 15
minutes. I've given up myself after half an hour and stopped
recommending 4k keys by default in Mailpile for this reason
alone.

The time spent in the wizard just doesn't matter that much.

 - Bjarni



More information about the Gnupg-devel mailing list