Series of minor questions about OpenPGP 5

Peter Thomas p4.thomas at
Wed Jan 28 15:59:22 CET 2009


Now this is surely gnupg specific again ;-)

Ok let me see...

1) When creating keys or other data which needs random numbers, how is
this done in gnupg? I mean does it per default use /dev/random? Or
does it have its own means like a modified Mersenne Twister or
I wonder because I'd to test the used source with this so is there perhaps some function in gpg
to just generate a bunch of random data as it would be used for key
generation (both symmetric and asymmetric).

2) It seems that the following is an old issue coming again and again
over this list. gpg per default does not create keys larger than 4096
bits (talking about RSA), but it can use keys (and
signatures/encrypted data created by such keys) larger than that,
right? Is there any actual limit (apart from computation power and
life time)?
I fully agree that it makes sense to set this limit, as keys larger
than 4096 bits are not that much usable and its questionable if one
gets that much security by using a say 65563 bits key.
However I wanted to do some compatibility tests with gnupg and other
implementations (PGP, BPG and perhaps some others).
It seems that it's quite easy to disable this limit in the gnupg
source, all I have to do is set max=something in keygen.c, correct?

Is there any knowledge about specific weaknesses of such large keys? I
mean there might be strange effects with the PNRGs that don't happen
until some large keysizes, but would effectively render these super
large keys completely unsecure.


More information about the Gnupg-users mailing list