insecure random number generator
Nils Ellmenreich
Nils@infosun.fmi.uni-passau.de
Wed, 17 May 2000 18:40:54 +0200 (MEST)
>>>"LH" == Lars Hecking <lhecking@nmrc.ucc.ie> writes:
LH> I have now recompiled gpg 1.0.1e on Solaris to use Andreas Meier's
LH> random device (cf. recent thread on -devel ;)
I did something similar some months ago to let it work with the
/dev/random as provided by SUNWski. I had to patch the sources to do
that. So, this thread also belongs to -devel. ;-)
Or do you mean you patched it as well?
LH> Is there a real problem, or is this just a platform-specific precaution
LH> as Solaris generally has no random device?
It's because your random device is set to 'unix' ...
What I did was to specify "linux" as rng (works only with patched
sources) because then the source expects a /dev/random to be there.
LH> I am pretty certain that this binary of gpg knows about /dev/random,
LH> whereas the previous version doesn't:
LH> $ strings gpg | grep '/dev/[ur]'
LH> /dev/random
LH> /dev/urandom
LH> $ strings /usr/local/bin/gpg | grep '/dev/[ur]'
LH> $
That's not enough. I can compile binaries that know about several rng's
but you have to specify which one to use. The standard one with Solaris
is the "kludge" ... :(
So either one patches the source (as I did) or we hope for Solaris
/dev/random support in the official gpg sources as, by now, two
/dev/randoms seem to exist (SUNWski and Andreas'). But I guess Andreas
Meier's random device has to be examined before Werner "officially"
suggests its use. Saying that, there's always egd ... :-)
Regards,
Nils
--
Nils Ellmenreich - Fak. fuer Math./Informatik - Please use gpg - Nils @
http://www.fmi.uni-passau.de/~nils - Univ. Passau - Uni-Passau.DE