Series of minor questions about OpenPGP 5

Peter Thomas p4.thomas at googlemail.com
Wed Jan 28 17:45:37 CET 2009


Hello Werner.

On Wed, Jan 28, 2009 at 5:10 PM, Werner Koch <wk at gnupg.org> wrote:
> Read the manual of libgcrypt 1.4.4 - it includes a description of the
> RNG.  The code in 1.4 is basically the same.
That's what I was looking for :-)

These levels described on
http://www.gnupg.org/documentation/manuals/gcrypt/Quality-of-random-numbers.html
... Is it possible to tell gnupg to use GCRY_VERY_STRONG_RANDOM also
for the session keys? Or wouldn't that make much better?

I've read about special hardware devices that (claim to) give true
random numbers, some based on thermodynamics some even on quantum
mechanics.
Have you heard about them? Are there any supported in Linux and would
it make sense or is it even possible to use them with gnupg?


>> I wonder because I'd to test the used source with this
>> http://www.cacert.at/random/ so is there perhaps some function in gpg
> That are plainstupid tests.  It does no make any sense at all to run
> statistically tests on the output of a hash digest.  Almost all RNG use
> either a hash algorithm or a cipher function in the last processing
> stage.
Ah ok,.. thanks for saving me that time ;-)


>> to just generate a bunch of random data as it would be used for key
>> generation (both symmetric and asymmetric).
> The man page gives the answer:
>    --gen-random 0|1|2 [count]
Sorry,.. must have overread this. I've actually (!) read the manpage.


>> It seems that it's quite easy to disable this limit in the gnupg
>> source, all I have to do is set max=something in keygen.c, correct?
> No, there is some limit in the RNG too.
Ok,.. but I suppose an error will tell me when I've reached this limit?


>> Is there any knowledge about specific weaknesses of such large keys? I
> Yes, you need to have a backup and that backup will be larger than
> others ;-)
Uhm,.. I could as a friend of mine who administrates a Tier2 with
something over <many many TBs> of storage,... wonder if I could fill
this with an RSA key *G*

Regards,
Peter



More information about the Gnupg-users mailing list