Can't gpg --gen-key

Frank Tobin ftobin@neverending.org
Thu Aug 23 13:03:02 2001


Werner Koch, at 09:53 +0200 on 23 Aug 2001, wrote:

   1. Don't use telnet - it is ridiculous to send the passphrase in clear

They could be using IPsec, OTP, or Kerberos.

   2. If you need to do this on a remote machine, use SSH [1].

You mean a free ssh client, no? :)

   3. You should enable the random device on FreeBSD, I don't know how to
      do it, but with a proper configuration the machine can collect
      enough entropy even without someone hitting on the keyboard.
      It should help to start some background jobs like "find / -type f |
      xargs -n 100 grep jhdgfjhf"

This is a FAQ.  The answer is to use rndcontrol(8) to add IRQs to the
entropy-gathering utility.  Perhaps if GnuPG is used on a BSD, this could
be spit out when --gen-key is performed.

   [1] Entering passphrases over an SSH channel is not as secure as
   believed, it may be better to pipe the passphrase to the remote
   machine. See the recent Song/Wagner/Tian paper - it is in the news.

Or use public/private keys.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/