random seed file question (take two)
Werner Koch
wk@gnupg.org
Thu Jul 3 21:01:03 2003
On Thu, 3 Jul 2003 11:40:18 -0400, Ben Mord said:
> What are the security implications of restoring the gnupg directory (including the seed file) from backup? This implies reverting
> the state of the seed file and then likely encrypting new data under its old state, so it is possible multiple messages will have
> been encrypted using the same seed file state.
I don't think it is a serious issue. If you are in doubt delete the
seed file. For key generation we always make sure to stir in 50% of
fresh random from /dev/random into the internal pool which is initially
filled from the seed file. Even on regular startup and use for
session keys we put some amount of fresh random into it.
> What are the security implications of copying this seed file to
> multiple computers? If someone wants to use gnupg with the same
> keyring on multiple computers it seems likely they will simply copy
> the entire gnupg directory. But this again implies that they may
> send multiple messages (one from each computer) under the same seed
> file state.
We do proper mixing so you can't conclude from the current state to a
previous one.
> Is there a way (or will there be a way) to regenerate this seed file from scratch after restoring from backup or copying to another
rm ~/.gnupg/random_seed
> Perhaps this seems anal, but I remember that an early implementation of SSL was defeated due to inadequate pseudo-random number
> generation (PRNG). Even if the PRNG in gnupg is very good, I worry about whether certain user actions might accidentally undermine
> the PRNG - or perhaps this has already been considered?
If your /dev/random is predictable, you might be able to predict the
state on the same box. So better make sure that the internal pool
used by /dev/random is saved/restored on shutdown/init of the box.
Salam-Shalom,
Werner
--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
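An added illustration of the point made in the reply above, written for this page and not taken from GnuPG's own pool code: a toy hash-based pool is initialised from a seed file, fresh entropy is stirred in on startup, and outputs are derived through a one-way step. Two pools started from the same seed file (a restored backup, or a copied ~/.gnupg on two boxes) draw identical session keys only when nothing fresh is mixed in, or when the "fresh" entropy is itself predictable and the same on both; with distinct fresh entropy the outputs diverge. The class name, the domain-separation tags and the sample seed bytes are all constructed for the example.

```python
"""Toy seed-file-backed random pool (illustration only; not GnuPG's code)."""
import hashlib
import os
from typing import Dict, Optional, Tuple


class ToyPool:
    """Hash-based pool: state is filled from a seed file, then stirred with
    fresh entropy; output is derived through a one-way step so the state
    advances and the on-disk seed file is not the state that produced
    earlier output."""

    def __init__(self, seed_file: bytes, fresh_entropy: Optional[bytes]):
        # Initial state comes entirely from the seed file (constructed tag
        # strings give domain separation between the different hash uses).
        self.state = hashlib.sha256(b"init" + seed_file).digest()
        # Fresh entropy (in real life from /dev/random) is stirred in on
        # startup; passing None models a pool that relies on the seed file only.
        if fresh_entropy is not None:
            self.stir(fresh_entropy)

    def stir(self, data: bytes) -> None:
        """Mix new material into the pool without discarding what is there."""
        self.state = hashlib.sha256(b"stir" + self.state + data).digest()

    def get_random(self, n: int) -> bytes:
        """Return n output bytes, advancing the state one-way per block."""
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]

    def save_seed_file(self) -> bytes:
        """Bytes to write to the seed file at shutdown: a one-way image of the
        current state, not the state itself."""
        return hashlib.sha256(b"save" + self.state).digest()


def session_keys_from_shared_seed(seed_file: bytes,
                                  fresh_a: Optional[bytes],
                                  fresh_b: Optional[bytes],
                                  n: int = 16) -> Tuple[bytes, bytes]:
    """Two pools start from one and the same seed file (restored backup, or a
    copied ~/.gnupg on two machines) and each draws an n-byte session key."""
    key_a = ToyPool(seed_file, fresh_a).get_random(n)
    key_b = ToyPool(seed_file, fresh_b).get_random(n)
    return key_a, key_b


def scenarios(seed_file: bytes = bytes(range(32))) -> Dict[str, bool]:
    """For each scenario, report whether both pools produced the same key.
    The default seed_file is constructed sample data."""
    return {
        # No fresh entropy at all: same file, same keys (the hazard).
        "no_fresh_entropy_identical":
            len({*session_keys_from_shared_seed(seed_file, None, None)}) == 1,
        # A predictable /dev/random that yields the same bytes on both boxes
        # is no better than no fresh entropy.
        "same_fresh_entropy_identical":
            len({*session_keys_from_shared_seed(seed_file, b"guessable",
                                                 b"guessable")}) == 1,
        # Distinct fresh entropy stirred in on each box: the keys diverge.
        "distinct_fresh_entropy_identical":
            len({*session_keys_from_shared_seed(seed_file, b"box-a",
                                                 b"box-b")}) == 1,
    }


if __name__ == "__main__":
    # Stand-alone run: each "box" stirs in real OS entropy, as a real pool would.
    seed = bytes(range(32))
    ka, kb = session_keys_from_shared_seed(seed, os.urandom(32), os.urandom(32))
    print("keys differ with fresh entropy:", ka != kb)
    for name, same in scenarios(seed).items():
        print(f"{name}: {same}")
```

The `save_seed_file` step models the shutdown write: what lands on disk is a one-way image of the pool, which is what makes restoring the file safe once fresh entropy is stirred in again at the next start. The check that matters in practice is the middle scenario: if the fresh input is guessable, the seed file is the only secret left, and a restored or copied file then does repeat output.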