Need non-writable --homedir
David Shaw
dshaw at jabberwocky.com
Tue Sep 12 21:05:08 CEST 2006

On Tue, Sep 12, 2006 at 08:42:39PM +0200, Josef Wolf wrote:
> AFAIK, having random_seed be accessible to unauthorized people is
> not acceptable. Thus I have no choice, I just _have_ to use the
> --no-random-seed-file option. Unfortunately, the man page doesn't
> explain where the random data comes from when this option is used
> and what are the consequences to randomness quality. This is why I
> asked how gnupg will behave with this option. I still have no idea

It is harmless to use --no-random-seed-file. If you use it, GnuPG
will just get randomness from whatever your random source is. The
only difference is that it won't have a seed to start from, so it will
run a little slower.

> > You need to recognize that GnuPG is not a Linux-only platform, and
> > considerable work has gone into it to make it work on as many platforms
> > as possible.
>
> I have no doubts about this. But I still don't have any clue what
> consequences --no-random-seed-file has. Will encryption process block?
> Will the random data be of bad quality?

Encryption shouldn't block. Key generation might (key generation
tries to use higher quality randomness). The random data used with
--no-random-seed-file is just as good as the random data otherwise: it
just takes longer to get to it.

David