Random seed for symmetric encryption

Henry Hertz Hobbit hhhobbit7 at netscape.net
Mon Jan 16 23:25:48 CET 2006


Nikolaus Rath <Nikolaus at rath.org> writes:

>Henry Hertz Hobbit <hhhobbit at securemecca.net> writes:
>>> >Now I wonder why GPG needs random data for symmetric
>>> >encryption. Should I care about the message or not?
>>> >And how can I make it disappear?
>>
>> The SHORT answer is, yes it does need random data for just doing
>> symmetric encryption.  Yes, you should care about the message.
>> To make the message disappear create a public / private key with
>> a passphrase that will NEVER be the same passphrase that is used
>> for the encryption of your files.  If you never use it (don't
>> send email messages that are signed or encrypted) make it
>> something you are guaranteed to forget and never use again
>> (repeatable random key strokes? - you need to type it twice).
>
>I do have a public/private keypair which is regularly used. And the
>random seed file actually exists. The warning is not always displayed
>but only from time to time, just as if gpg ran out of randomness. So I
>dare say that creating another keypair will not make it disappear,
>will it?

Oooooh! Now I understand more, and so does everybody else.
To have us better help you, it would help if we knew the
following (but first, generating another key will NOT make
the message disappear):

[1] OS & version
[2] Whether this has happened all the time or just started.
    By that I mean did you have a period of time when it never
    did this after you first set up GPG.
[3] The version of GPG you are using and if you have upgraded
    it at any time.
[4] If you are having problems when you send email messages,
    since it is also using symmetric encryption underneath the
    hood so to speak.
[5] When you encrypt files, if you are doing a lot of them at
    one time with little or no pause between each file.
[6] The exact message again (I lost it) that GPG gives you
    when the random fails.

The reason I say 1 and 5 is because I am curious if you are
using a version of Unix that doesn't have a good pseudo random
number generator and are instead using the Entropy Gathering
Daemon (EGD) or some other randomizer. I can't see how it would
happen, but since EGD was written in PERL, it may be overwhelmed
if the system is severely loaded.  More to the point if you are
using Sun Solaris, IBM AIX, HPUX, or some of the other old style
versions of Unix, you SHOULD be using something like EGD.

If you never have problems sending email, or more to the point
RECEIVING encrypted email, it makes the problem even more baffling.
Usually, you would expect something like corrupted keys, etc.  That
doesn't sound like what is going on here.  The only other thing I
can think of is running out of file descriptors or something, because
every time you use GPG, the random_seed file gets changed.  Ditto if
your system is overloaded and the CPU is maxed.

HHH

