batch mode lack of randomness FreeBSD
Raphaël Poss
gnupg at raphael.poss.name
Tue Mar 21 14:58:40 CET 2006
Hi,
Stef Caunter wrote:
> I have populated ~/.gnupg/random_seed with 600 bytes from /dev/urandom
This is generally a very *bad* idea in terms of cryptography:
/dev/urandom uses a pseudo-random generator with predictable results,
(relatively) low random quality that is not suitable at all for
generating secure key pairs.
That is covered in the GnuPG documentation.
> I have asked the admin to add IRQs to rndcontrol.
This on the other hand is a pretty good idea.
> Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of
> randomness in /dev/urandom, and none in /dev/random...
It is always "the way it is" when you attempt to use the entropy pool on
a remote system that you control through the network : there are simply
not enough unpredictable physical events around the server to gather
quickly more entropy. Also happen with linux, or other flavours of
<insert your favorite system without hardware random generator here>.
Mind that Henry Herts Hobbits has a point here: you should not be
generating keys that you intend to be secure using a remote shell access.
Rationale for this is covered in the GnuPG documentation as well.
Regards,
--
Raphaël
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060321/bb98668a/signature.pgp
More information about the Gnupg-users
mailing list