Use of gen-random

David Shaw dshaw at jabberwocky.com
Fri Oct 31 19:14:09 CET 2008


On Sat, Nov 01, 2008 at 03:31:22AM +1000, Michael wrote:
>  Hi all, I was trying out one of the options of gpg, as it arose during
> a discussion on the group.
>
>  gpg --gen-random [012] n
>
>  does what I would reasonably expect: generates 'n' random bits of data
> using one of three methods. However, on reading up the option in the man
> page it mentions the possibility of "removing entropy from your system".
>
>  Actually, from the man page:
>
> --gen-random 0|1|2
>               Emit _____ random bytes of the given quality level. If
>               count is not given or zero, an endless sequence of
>               random bytes will be emitted.  PLEASE, don't use this
>               command unless you know what you are doing; it may
>               remove precious entropy from the system!
>
>
>   Now I'll admit openly I don't always know /exactly/ what I am doing,
> but am prepared to make mistakes to learn. At first I thought perhaps
> the documentation writers were having a bit of a joke a la many unix
> man pages have a geeky sense of humour. But on reflection I realise
> that they are being serious here.
>
>  So I am curious, how might I _lose_ entropy by _generating_ random
> numbers? What do each of the three methods do?

I think the confusion here is in the name "gen-random", which implies
it generates randomness out of nothing.  In fact, it generates
(pseudo) randomness from an entropy pool.  In the process, the
contents of the pool are used up and need to be replaced.

The details of that pool vary from platform to platform, and vary
fairly widely between Unixish and Windows systems.  Very basically,
the computer watches for the timings and details of certain events
(keyboard input, disk performance numbers, etc.), and uses them as the
source of what goes in the pool.  When a random number is needed, data
from the (well-stirred) pool is used to help deliver it.

Thus, if you read random numbers, you are in fact tapping a limited,
but renewable, resource.  In practice, this isn't a particularly big
deal.  Keep using your computer, and the pool will refill itself.
It's only a problem if you consume randomness faster than it can be
"created".

>  Let me say, I'm partly humorous here; if I understand roughly what is
> happening, then the danger is to not set a specific number of bits and
> hence run the risk of gen-random simply emitting random data until it
> eventually somehow 'overflows the available randomness' inherent in my
> system. But simply outputting 20 random bits wouldn't risk doing that, so
> my little experiment is fairly safe. Since it doesn't go much into the
> details in the man page about what the methods are, and what the risk
> actually is (it may be highly technical and hence beyond the scope of a
> manual) it seems appropriate to ask in this forum, since it came up.

An excellent source of information on random number generation:
http://www.cypherpunks.to/~peter/06_random.pdf

David
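
The accounting described in the reply above (a pool filled by observed events and drained by reads), as an added example that is not part of the original message and is not GnuPG's or any operating system's code. `EntropyPool`, `simulate`, the SHA-256 mixing and the credited bit counts are all assumptions chosen for illustration.

```python
import hashlib

class EntropyPool:
    """Toy entropy pool with a bit-count estimate (illustrative model only)."""

    def __init__(self, capacity_bits=4096):
        self.capacity_bits = capacity_bits
        self.estimate_bits = 0        # how much entropy the pool is believed to hold
        self.state = b"\x00" * 32     # the "well-stirred" pool contents
        self.counter = 0

    def add_event(self, data: bytes, credited_bits: int) -> None:
        """Stir an observed event into the pool and credit the estimate, up to capacity."""
        self.state = hashlib.sha256(self.state + data).digest()
        self.estimate_bits = min(self.capacity_bits, self.estimate_bits + credited_bits)

    def read(self, nbytes: int) -> bytes:
        """Return at most nbytes and debit the estimate. A dry pool gives a short
        read here; a real blocking source would wait for more events instead."""
        available = min(nbytes, self.estimate_bits // 8)
        out = b""
        while len(out) < available:
            self.counter += 1
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        self.estimate_bits -= available * 8
        # Re-key so earlier output cannot be recomputed from the later state.
        self.state = hashlib.sha256(b"rekey" + self.state).digest()
        return out[:available]

def simulate(ticks, refill_bits_per_tick, demand_bytes_per_tick):
    """Return (ticks on which the reader was starved, entropy estimate left over)."""
    pool = EntropyPool()
    starved = 0
    for t in range(ticks):
        # Constructed event data standing in for keystroke or disk timings.
        pool.add_event(f"constructed-event-{t}".encode(), refill_bits_per_tick)
        if len(pool.read(demand_bytes_per_tick)) < demand_bytes_per_tick:
            starved += 1
    return starved, pool.estimate_bits

if __name__ == "__main__":
    print(simulate(100, 64, 4))   # refill outpaces demand: the reader is never starved
    print(simulate(100, 16, 4))   # demand outpaces refill: the reader is starved every tick
```

A bounded read from a full pool costs only a small part of the estimate, while an unbounded read takes everything the pool has until new events arrive.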


