Do not use GnuPG under Mac OS RNG

Werner Koch wk@gnupg.org
Thu Jun 28 11:02:01 2001


 || On Wed, 27 Jun 2001 18:44:32 -0400
 || Gordon Worley <redbird@mac.com> wrote: 

 gw> After doing some more checking, it seems that everything is okay. The
 gw> numbers being generated are random and safe for usage from what I can

I guess it is okay when you have made sure that most of the standard
Unix tools are returning some reasonable output.

 gw> extra hashing done by egd), does egd really give numbers that are that
 gw> much more secure?  I'm wondering if it's even worth running egd,
 gw> because it's something extra that I have to explain to users to get

The advantage of EGD is that it keeps a pool of entropy over
invocations of gpg.  If gpg has to use rndunix, it has to create such
a pool every time it is started and running all these system utilities
is not a light job.  And in many cases you are wasting most of the
entropy you have gathered.

Ciao,

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus