Need non-writable --homedir

Josef Wolf jw at raven.inka.de
Tue Sep 12 23:09:37 CEST 2006


On Tue, Sep 12, 2006 at 03:05:08PM -0400, David Shaw wrote:
> On Tue, Sep 12, 2006 at 08:42:39PM +0200, Josef Wolf wrote:
> 
> > AFAIK, having random_seed be accessible to unauthorized people is
> > not acceptable.  Thus I have no choice, I just _have_ to use the
> > --no-random-seed-file option.  Unfortunately, the man page doesn't
> > explain where the random data comes from when this option is used
> > and what are the consequences to randomness quality.  This is why I
> > asked how gnupg will behave with this option.  I still have no idea
> 
> It is harmless to use --no-random-seed-file.  If you use it, GnuPG
> will just get randomness from whatever your random source is.  The
> only difference is that it won't have a seed to start from, so it will
> run a little slower.
[ ... ]
> Encryption shouldn't block.  Key generation might (key generation
> tries to use higher quality randomness).  The random data used with
> --no-random-seed-file is just as good as the random data otherwise: it
> just takes longer to get to it.

Thanks, David!  That's exactly the answer I was looking for.  It is no
problem for me should it be slower.  Backups run automated at night, so
there's no point in squeezing out the last millisecond.



