batch mode lack of randomness FreeBSD

Raphaël Poss gnupg at
Tue Mar 21 14:58:40 CET 2006


Stef Caunter wrote:

> I have populated ~/.gnupg/random_seed with 600 bytes from /dev/urandom

This is generally a very *bad* idea in terms of cryptography: 
/dev/urandom uses a pseudo-random generator with predictable results, 
(relatively) low random quality that is not suitable at all for 
generating secure key pairs.

That is covered in the GnuPG documentation.

> I have asked the admin to add IRQs to rndcontrol.

This on the other hand is a pretty good idea.

> Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of 
> randomness in /dev/urandom, and none in /dev/random...

It is always "the way it is" when you attempt to use the entropy pool on 
a remote system that you control through the network : there are simply 
not enough unpredictable physical events around the server to gather 
quickly more entropy. Also happen with linux, or other flavours of 
<insert your favorite system without hardware random generator here>.

Mind that Henry Herts Hobbits has a point here: you should not be 
generating keys that you intend to be secure using a remote shell access.

Rationale for this is covered in the GnuPG documentation as well.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060321/bb98668a/signature.pgp

More information about the Gnupg-users mailing list