comparison gpg:pgp6.5.1

Werner Koch wk@gnupg.org
Tue, 18 Jan 2000 13:16:25 +0100


On Mon, 17 Jan 2000, Simpson, Sam wrote:


> My understanding is that GPG relies on the OS provided RNG whereas PGP
No. GnuPG used /dev/random as an entropy source to seed its own PRNG. See Peter Gutmann's paper on generation of practically strong random numbers.
> /dev/random devices but on operating systems I wouldn't trust as far as I
> could throw (Winxxxx) then the PGP solution is probably preferable.
The PGP 5 version for Unix used /dev/random too. I have not looked at the pgp 6.x code.
> Afaik no wipe is present. For half-secure OSs I would expect this function
> to be included as a standard function (C2 criteria talks about wiping before
> reuse etc...). Not sure if Linux wipes before re-use....
I considered putting a very good wiping tool into the GnuPG package, but it turned out that it would make the distribution much larger and more complicated to maintain. The next release of the GNU fileutils will come with this tool. For now, I suggest using one of the tools available in the contrib directory or listed somewhere on the website.

--
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013

Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html