random seed file questions

Ben Mord bmord@icon-nicholson.com
Wed Jan 29 19:41:24 2003


Hi,

My apologies if this email was already sent to the list. I mailed this a couple days ago, and am resending because it never seemed
to go through.

It is my understanding that GnuPG stores a random seed file in its working directory. This file is changed each time you use GnuPG.
I have looked for more information about this file in the manual and faq, but have not found it. (There is some information in the
man page.)

If the confidentiality or integrity of the random seed file is compromised, should all subsequent messages created with it then be
assumed to be compromised? Or all subsequent messages generated within a certain time period?

Suppose you reuse an old version of this file, such that exactly the same random seed file state was used for multiple messages. For
example, suppose you restore your gnupg working directory from an old backup, and then use this to encrypt or sign more data files.
Or suppose you copy your gnupg directory to multiple computers, and then use multiple copies that all started in the same state.
Would this be insecure?

Suppose you have reason to believe that your random seed file has been compromised, or that you are using the same version of this
file multiple times (e.g. restored from backup, or copied and then used on multiple computers). Is there a way to tell gnupg to
regenerate the seed file from scratch, perhaps using random input from the user?

How is entropy gathered in the Windows port? If you elect not to use the random seed file, then is security weakened, or only
performance? On Pentium III architectures, is the built-in hardware random number generator used? See below:
http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf

Thanks,
Ben
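An added illustration of the backup/copy scenario asked about above. This is a toy hash-based pool model written for this note, not Ben's code and not GnuPG's implementation; its structure (state and output both derived from a SHA-512 of the persisted state plus any fresh entropy) is an assumption chosen to make the reuse hazard visible, and `regenerate_seed_file` is a hypothetical helper showing how a seed file could be replaced from OS entropy.

```python
import hashlib
import os
import tempfile

POOL_SIZE = 32  # bytes of persisted pool state in this toy model (constructed)


class SeedFilePool:
    """Toy model of a PRNG whose state lives in a seed file.

    Each call hashes the current state together with any fresh entropy the
    caller supplies and splits the digest into (new state, output). This is
    a simplified model for illustration, not GnuPG's actual design.
    """

    def __init__(self, state: bytes):
        self.state = state

    def random_bytes(self, fresh_entropy: bytes = b"") -> bytes:
        digest = hashlib.sha512(self.state + fresh_entropy).digest()
        self.state, output = digest[:POOL_SIZE], digest[POOL_SIZE:]
        return output


def outputs_from_same_seed(seed_state: bytes, rounds: int, fresh: bool):
    """Run two machines restored from the same seed-file state.

    fresh=False: both rely on the file alone, so their outputs coincide.
    fresh=True: each mixes in OS entropy per call, so they diverge.
    """
    a, b = SeedFilePool(seed_state), SeedFilePool(seed_state)
    out_a = [a.random_bytes(os.urandom(32) if fresh else b"") for _ in range(rounds)]
    out_b = [b.random_bytes(os.urandom(32) if fresh else b"") for _ in range(rounds)]
    return out_a, out_b


def regenerate_seed_file(path: str) -> bytes:
    """Overwrite a seed file with fresh OS entropy, owner-only permissions."""
    new_state = os.urandom(POOL_SIZE)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(new_state)
    return new_state


def demo_regenerate() -> bool:
    """Write a seed file twice and confirm the on-disk state changed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "random_seed")
        first, second = regenerate_seed_file(path), regenerate_seed_file(path)
        with open(path, "rb") as f:
            on_disk = f.read()
    return first != second and on_disk == second and len(on_disk) == POOL_SIZE
```

The point of the model: a seed file that is the only source of randomness turns a restored backup or a copied directory into identical output streams, whereas mixing fresh entropy on every use makes the reused file harmless to unpredictability.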