Need non-writable --homedir

David Shaw dshaw at jabberwocky.com
Tue Sep 12 21:05:08 CEST 2006


On Tue, Sep 12, 2006 at 08:42:39PM +0200, Josef Wolf wrote:

> AFAIK, having random_seed be accessible to unauthorized people is
> not acceptable.  Thus I have no choice, I just _have_ to use the
> --no-random-seed-file option.  Unfortunately, the man page doesn't
> explain where the random data comes from when this option is used
> and what are the consequences to randomness quality.  This is why I
> asked how gnupg will behave with this option.  I still have no idea

It is harmless to use --no-random-seed-file.  If you use it, GnuPG
will just get randomness from whatever your random source is.  The
only difference is that it won't have a seed to start from, so it will
run a little slower.

> > You need to recognize that GnuPG is not a Linux-only platform, and
> > considerable work has gone into it to make it work on as many platforms
> > as possible.
> 
> I have no doubts about this.  But I still don't have any clue what
> consequences --no-random-seed-file has.  Will encryption process block?
> Will the random data be of bad quality?

Encryption shouldn't block.  Key generation might (key generation
tries to use higher quality randomness).  The random data used with
--no-random-seed-file is just as good as the random data otherwise: it
just takes longer to get to it.

David


