bug#240: random_seed file = SECURITY BUG

Werner Koch wk@gnupg.org
Thu, 17 Aug 2000 12:37:34 +0200

On Thu, 17 Aug 2000, Paul Rubin wrote:

> No he can't. GPG and my login script are write protected. But the
> random_seed file has to be world writeable or else my cgi script can't
> update it (since the cgi script runs as "nobody"). So the random_seed
Okay. I see the problem.
> Therefore there should be a configuration option that turns off
> random_seed, if the user feels that the environment can support using
Ohhh, I forgot that there is one: --no-random-seed-file
> pseudo-random entropy good enough for high security applications.
> So gpg should also not use pseudo-entropy if real entropy is available.
The border between pseudo-entropy and real entropy is quite thin; the output generated by the Linux /dev/random is quite good for a deterministic machine but it is far away from real entropy.
> Also, many computers (Pentium III with the newer chip sets) have
> hardware RNG's now, so if the /dev/random driver is updated to use the
I have some doubts that this RNG can deliver enough random for a big server. It is an analog device and according to the Intel specs it may fail from time to time which is the reason that you have to do some lengthly quality checks at startup; and I think you should do them from time to time on a never to be restarted server. Nobody wants to use this device alone for producing high quality random. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org