random seed file question (take two)

Ben Mord bmord@icon-nicholson.com
Thu Jul 3 17:43:02 2003


Hi,

There is a random seed file used by GPG I believe to accumulate entropy over multiple sessions, speeding secure random number
generation. This file is stored in the gnupg directory, and I understand that its contents must remain confidential or else
subsequent messages (at least the first several) might be more vulnerable to cryptanalysis.

My question is about the (mis)administration of this file.

What are the security implications of restoring the gnupg directory (including the seed file) from backup? This implies reverting
the state of the seed file and then likely encrypting new data under its old state, so it is possible multiple messages will have
been encrypted using the same seed file state.

What are the security implications of copying this seed file to multiple computers? If someone wants to use gnupg with the same
keyring on multiple computers it seems likely they will simply copy the entire gnupg directory. But this again implies that they may
send multiple messages (one from each computer) under the same seed file state.

Is there a way (or will there be a way) to regenerate this seed file from scratch after restoring from backup or copying to another
computer? Perhaps I am proposing a new feature, unless simply deleting the file already induces gnupg to take the time to create a
securely random seed file.

Perhaps this seems anal, but I remember that an early implementation of SSL was defeated due to inadequate pseudo-random number
generation (PRNG). Even if the PRNG in gnupg is very good, I worry about whether certain user actions might accidentally undermine
the PRNG - or perhaps this has already been considered?

Ben
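As an added illustration (this is not GnuPG's code and not its actual RNG design, just a simplified seed-file-backed generator with constructed inputs), the concern raised above can be shown directly: two sessions started from identical seed-file contents derive identical session keys, while a session that mixes fresh system entropy into the restored state does not.

```python
# Toy model (assumption, not GnuPG's implementation) of a generator whose
# state persists in a seed file between sessions.
import hashlib
import os


def next_state(state: bytes, fresh_entropy: bytes = b"") -> bytes:
    """Derive the next generator state from the old state plus any fresh entropy."""
    return hashlib.sha256(b"state|" + state + b"|" + fresh_entropy).digest()


def output_from_state(state: bytes, n: int) -> bytes:
    """Produce n output bytes from a state (hash in counter mode)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(b"out|" + state + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def session(seed_file_state: bytes, fresh_entropy: bytes = b""):
    """One session: load the seed file, optionally mix in fresh entropy,
    draw a 16-byte session key, and return (key, state written back to the file)."""
    state = next_state(seed_file_state, fresh_entropy)
    key = output_from_state(state, 16)
    return key, next_state(state)


def normal_sequence_diverges(seed_file: bytes) -> bool:
    """Two consecutive sessions that each save the updated file give different keys."""
    k1, saved = session(seed_file)
    k2, _ = session(saved)
    return k1 != k2


def restore_from_backup_reuses_output(seed_file: bytes) -> bool:
    """A restored (or copied) seed file replays the same state and the same key."""
    k1, _ = session(seed_file)
    k2, _ = session(seed_file)  # same bytes as the backup copy
    return k1 == k2


def fresh_entropy_breaks_reuse(seed_file: bytes) -> bool:
    """Mixing fresh OS entropy into the restored state removes the reuse."""
    k1, _ = session(seed_file, os.urandom(32))
    k2, _ = session(seed_file, os.urandom(32))
    return k1 != k2
```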