solaris certification

David Shaw dshaw at jabberwocky.com
Wed Aug 2 04:59:17 CEST 2006


On Tue, Aug 01, 2006 at 10:07:49PM -0400, Daniel Guido wrote:
> (Please correct me where I'm wrong here)
> 
> I think I can clarify a bit further.  My concerns revolve around the
> RNG in use by GPG prior to Solaris 10 (which comes with functioning
> /dev/[u]random implementation).
> 
> There seems to be 2 options if you're using a version prior to Solaris 10:
> - Use Andreas Maier's SUNrand to emulate /dev/[u]random
> - Use EGD
> 
> Despite the great amount of work put into EGD I'd much rather have a
> /dev/random.  Knowing that, I'd like to use Maier's kernel module, but
> has anyone actually evaluated it and decided that "yes, the output
> from this module IS random to an acceptable degree and it's acceptable
> to use it with GPG"?  Is there any reason why you would not suggest
> using that kernel module to support GPG?

No reason from the GPG perspective: meaning that GPG should
automatically detect that /dev/[u]random exists at ./configure time
and build in the necessary code to talk to it, but also meaning that
you need to decide whether SUNrand is something you want to use.

I don't mean this to imply that SUNrand is bad or weak or anything
like that, just that nobody can make this decision for you.

You might want to play around with http://www.fourmilab.ch/random/

David



More information about the Gnupg-users mailing list