Series of minor questions about OpenPGP 5

Peter Thomas p4.thomas at googlemail.com
Wed Jan 28 15:59:22 CET 2009


Hi.

Now this is surely gnupg specific again ;-)

Ok let me see...

1) When creating keys or other data which needs random numbers, how is
this done in gnupg? I mean does it per default use /dev/random? Or
does it have its own means like a modified Mersenne Twister or
whatever?
I wonder because I'd like to test the used source with this
http://www.cacert.at/random/ so is there perhaps some function in gpg
to just generate a bunch of random data as it would be used for key
generation (both symmetric and asymmetric)?

2) It seems that the following is an old issue coming again and again
over this list. gpg per default does not create keys larger than 4096
bits (talking about RSA), but it can use keys (and
signatures/encrypted data created by such keys) larger than that,
right? Is there any actual limit (apart from computation power and
life time)?
I fully agree that it makes sense to set this limit, as keys larger
than 4096 bits are not that much usable and it's questionable if one
gets that much security by using a, say, 65563-bit key.
However I wanted to do some compatibility tests with gnupg and other
implementations (PGP, BPG and perhaps some others).
It seems that it's quite easy to disable this limit in the gnupg
source, all I have to do is set max=something in keygen.c, correct?

Is there any knowledge about specific weaknesses of such large keys? I
mean there might be strange effects with the PRNGs that don't happen
until some large key sizes, but would effectively render these super
large keys completely insecure.


Cheers,
Peter


