Random seed for symmetric encryption

Nikolaus Rath Nikolaus at rath.org
Tue Jan 17 10:06:18 CET 2006


hhhobbit7 at netscape.net (Henry Hertz Hobbit) writes:
>>>> >Now I wonder why GPG needs random data for symmetric
>>>> >encryption. Should I care about the message or not?
>>>> >And how can I make it disappear?
>>>
>>> The SHORT answer is, yes it does need random data for just doing
>>> symmetric encryption.  Yes, you should care about the message.
>>> To make the message disappear create a public / private key with
>>> a passphrase that will NEVER be the same passphrase that is used
>>> for the encryption of your files.  If you never use it (don't
>>> send email messages that are signed or encrypted) make it
>>> something you are guaranteed to forget and never use again
>>> (repeatable random key strokes? - you need to type it twice).
>>
>>I do have a public/private keypair which is regularly used. And the
>>random seed file actually exists. The warning is not always displayed
>>but only from time to time, just as if gpg ran out of randomness. So I
>>dare say that creating another keypair will not make it disappear,
>>will it?
>
> Oooooh! Now I understand more, and so does everybody else.
> To have us better help you, it would help if we knew the
> following (but first, generating another key will NOT make
> the message disappear):
>
> [1] OS & version

[0] nokile:~/Work$ uname -a
Linux nokile 2.6.12-10-686 #1 Thu Dec 22 11:55:07 UTC 2005 i686 GNU/Linux

(Ubuntu Breezy)


> [2] Whether this has happened all the time or just started.
>     By that I mean did you have a period of time when it never
>     did this after you first set up GPG.

Can't tell. It started as soon as I started encrypting lots of files
with symmetric encryption (means: about 1 week ago).  When I used
public key encryption before this never happened.

> [3] The version of GPG you are using and if you have upgraded
>     it at any time.

[0] nokile:~/Work$ gpg --version
gpg (GnuPG) 1.4.1
Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I did only the regular distribution updates.

> [4] If you are having problems when you send email messages,
>     since it is also using symmetric encryption underneath the
>     hood so to speak.

Hmm. No, never saw the message there. On the other hand, maybe my MUA
is just hiding it. I'm using Gnus with PGG.

> [5] When you encrypt files, if you are doing a lot of them at
>     one time with little or no pause between each file.

Yes, exactly. About 2 GB in 14000 files.

> [6] The exact message again (I lost it) that GPG gives you
>     when the random fails.

I don't have the exact message here at the moment, but I'm pretty sure
that it literally complained about an "empty random seed". 

   --Nikolaus

-- 
In Linux, more security holes are found.
In Windows, there are more security holes.
                                    -- Lutz Donnerhacke


