howto secure older keys after the recent attacks

Faramir faramir.cl at gmail.com
Sun Sep 13 04:02:35 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw escribió:
...
>> So my question is basically,..
>> If gpg would use this,... does it only improve the already existing
>> entropy and randomness of the kernel PRNG? I mean that gpg somehow
>> "merges" the different sources?
>> Or is it more or less a,.. either use the kernel PRNG or the hardware
>> RNG.
> 
> The kernel merges several sources of entropy into the /dev/random pool. 
> The entropy key would just be another source (though a very prolific
> source) of entropy.

  I remember an example from one of the Bruce Schneier book, where 2
people (Alice and Bob, of course) wanted to get a random bit. They
thought about each one flipping a coin, and then mixing the results. And
Bob said "what if one of us don't do it randomly", and Alice said as
long as one of the results was truly random, the final result would be
random. So I suppose as long as the entropy generator output is mixed
with other sources of entropy, it can't lower the quality of the final
entropy. But of course, maybe I didn't understand it right.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKrFK7AAoJEMV4f6PvczxAk6cIAKfa64/reW57fOGrHcAxapEI
eOdCLI8MDvUVPVb5+dVVJL6WQXy6jbDAikkjbJuT8sSNaUpK8nkvPccVuI3mNVkg
8PExrLS2fnXqk3HtVWcXRd/TxoQNL454SZ9EXsjaRwqZvijDqpuwuwDmfg4EvWhY
SYgzJCboRTnbJhzpaAt+z23IrdSLKdV5EvRtK6RPwjQkvu84Y+EJKiT8qdf11hQe
sIzQQoi79k+sBuq8xn+JDRcSFbfjSIdU7erXDK9F2UchB9j7OXAtdqv3ChQN6Med
LXfmuqfd+GUeuFYYaBMgKj5S5IFsTiBc3mitcj1ulstPy2MlRHI/KTX9h9R1OMI=
=90/F
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list