Series of minor questions about OpenPGP 5
p4.thomas at googlemail.com
Wed Jan 28 17:45:37 CET 2009
On Wed, Jan 28, 2009 at 5:10 PM, Werner Koch <wk at gnupg.org> wrote:
> Read the manual of libgcrypt 1.4.4 - it includes a description of the
> RNG. The code in 1.4 is basically the same.
That's what I was looking for :-)
These levels described on
... Is it possible to tell gnupg to use GCRY_VERY_STRONG_RANDOM also
for the session keys? Or wouldn't that make much better?
I've read about special hardware devices that (claim to) give true
random numbers, some based on thermodynamics some even on quantum
Have you heard about them? Are there any supported in Linux and would
it make sense or is it even possible to use them with gnupg?
>> I wonder because I'd to test the used source with this
>> http://www.cacert.at/random/ so is there perhaps some function in gpg
> That are plainstupid tests. It does no make any sense at all to run
> statistically tests on the output of a hash digest. Almost all RNG use
> either a hash algorithm or a cipher function in the last processing
Ah ok,.. thanks for saving me that time ;-)
>> to just generate a bunch of random data as it would be used for key
>> generation (both symmetric and asymmetric).
> The man page gives the answer:
> --gen-random 0|1|2 [count]
Sorry,.. must have overread this. I've actually (!) read the manpage.
>> It seems that it's quite easy to disable this limit in the gnupg
>> source, all I have to do is set max=something in keygen.c, correct?
> No, there is some limit in the RNG too.
Ok,.. but I suppose an error will tell me when I've reached this limit?
>> Is there any knowledge about specific weaknesses of such large keys? I
> Yes, you need to have a backup and that backup will be larger than
> others ;-)
Uhm,.. I could as a friend of mine who administrates a Tier2 with
something over <many many TBs> of storage,... wonder if I could fill
this with an RSA key *G*
More information about the Gnupg-users