insecure random number generator

Nils Ellmenreich Nils@infosun.fmi.uni-passau.de
Wed, 17 May 2000 18:40:54 +0200 (MEST)



>>>"LH" == Lars Hecking <lhecking@nmrc.ucc.ie> writes:
LH> I have now recompiled gpg 1.0.1e on Solaris to use Andreas Meier's
LH> random device (cf. recent thread on -devel ;)

I did something similar some months ago to let it work with the /dev/random as provided by SUNWski. I had to patch the sources to do that. So, this thread also belongs to -devel. ;-) Or do you mean you patched it as well?

LH> Is there a real problem, or is this just a platform-specific precaution
LH> as Solaris generally has no random device?

It's because your random device is set to 'unix' ... What I did was to specify "linux" as rng (works only with patched sources) because then the source expects a /dev/random to be there.

LH> I am pretty certain that this binary of gpg knows about /dev/random,
LH> whereas the previous version doesn't:
LH> $ strings gpg | grep '/dev/[ur]'
LH> /dev/random
LH> /dev/urandom
LH> $ strings /usr/local/bin/gpg | grep '/dev/[ur]'
LH> $

That's not enough. I can compile binaries that know about several rng's but you have to specify which one to use. The standard one with Solaris is the "kludge" ... :(

So either one patches the source (as I did) or we hope for Solaris /dev/random support in the official gpg sources as, by now, two /dev/randoms seem to exist (SUNWski and Andreas'). But I guess Andreas Meier's random device has to be examined before Werner "officially" suggests its use.

Saying that, there's always egd ... :-)

Regards, Nils

--
Nils Ellmenreich - Fak. fuer Math./Informatik - Please use gpg - Nils @ http://www.fmi.uni-passau.de/~nils - Univ. Passau - Uni-Passau.DE