How does Windows GnuPG generate random numbers on keygen?

Ryan Malayter
Tue Feb 12 19:14:02 2002

The Windows CryptoAPI provides a pretty good system entropy pool, much like
/dev/rand does on Linux systems. You access this pool with the
CryptGenRandom API call, although I don't believe the Windows version of
GnuPG uses it.

On my  dual 1.53 GHz Athalon system, generating a 2048-bit key took about 15
seconds. The system experienced >40 billion clock cycles and >15,0000
interrupt requests in that time frame. Distilling 2048 bits of entropy from
this amount of timing data - combined with the pre-existing random seed pool
- certainly seems viable. 

Key generation in GnuPG actually seems pretty slow to me, especially on
newer Intel-based systems which have a hardware random number generator that
can be accessed through CryptoAPI. GnuPG just isn't using this device, I


-----Original Message-----
From: Peter Constantinidis [] 
Sent: Tuesday, February 12, 2002 10:57 AM
Subject: How does Windows GnuPG generate random numbers on keygen?

I was wondering this because back in '97 when I generated a PGP key using
the 'slow' method I had to move the mouse, tap keys, etc. to generate
entropy and then wait a while while it calculated a key.

In the options file it makes reference to unix random number generators but
doesn't mention how Windows operates..

Also keygen on GnuPG seems awfully fast.. granted I have an XP 1700 which is
a significant improvement from what I had in '97, but still shouldn't it
take longer than a few seconds to generate a 2048 key?


Gnupg-users mailing list