Do not use GnuPG under Mac OS RNG
Werner Koch
wk@gnupg.org
Mon Jun 25 22:43:02 2001
|| On Sun, 24 Jun 2001 15:50:52 +0200
|| Sebastian Hagedorn <Hagedorn@spinfo.uni-koeln.de> wrote:
sh> understand the issue correctly. This concerns only the generation of
sh> keys, right? Using keys generated on a different platform is therefore
sh> safe(r)?
No. You will always have a weak session key but this is not so
important. When using any of the DLP algorithms (ElGamal and especially
DSA) you will leak information about the secret key.
sh> Also, what can be done to fix this? Are there libraries the end user
sh> could install that gnupg would then use, or is Apple the only party
The solution is simple: Try to figure out good sources of random on
the Mac. I'd start with EGD and analyze the output of the commands it
uses to gather random; I guess that a lot of commands will just fail.
And read at least Peter's paper.
--
Werner Koch
g10 Code GmbH
Privacy Solutions

Omnis enim res, quae dando non deficit, dum habetur
et non datur, nondum habetur, quomodo habenda est.
 -- Augustinus