import trustdb.gpg or start from scratch?

Werner Koch wk at gnupg.org
Wed Nov 14 10:52:06 CET 2012


On Wed, 14 Nov 2012 00:27, rjh at sixdemonbag.org said:

> Including random_seed?  I've always been under the impression that's a
> big no-no.

Well, it is a backup and assumed to be used after a loss of data and not
to replicate the data to several sites.

random_seed is a cache file to speed up things.  It is never used
directly.  For key generation we make sure that at least 300 fresh
random bytes are mixed into the 600 bytes of the random pool (the state
on which the RNG works).

For session keys, we work on a random pool which has been initialized
from the random_seed file.  But we also mix some other state into it
(from the fast entropy gatherer).  Without a random_seed file, every use
of session keys (i.e. a plain public key encryption) would require a lot
of time to get entropy from the slow gatherer (usually /dev/random).
That just takes too long and wastes precious entropy.

Thus I consider it better to backup everything than to forget an
important file.  Backups are always encrypted - aren't they?


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
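Added illustration (not part of the mailing-list post, and not GnuPG's or libgcrypt's RNG code): a toy pool that behaves the way the post describes random_seed. The seed file only initialises the pool and is never handed out as output; a little fast-gatherer state is mixed in before every session key, so two processes restored from the same seed file still diverge; key generation refuses to output until 300 fresh bytes have come from the slow gatherer; and a process started with no seed file has to pay for slow entropy up front. The 600-byte pool and the 300-byte minimum are the numbers from the post; the SHAKE256 mixing, the 16-byte fast-gatherer read, the `slow_source`/`fast_source` names and the sample seed bytes are assumptions made for this example. The zero-byte "fast source" in the demo is constructed to show what replicating one seed file to several sites would look like if nothing fresh were mixed in.

```python
"""Toy seed-file-backed random pool (illustration only; NOT GnuPG/libgcrypt code)."""
import hashlib
import os

POOL_SIZE = 600            # pool state size, from the post
KEYGEN_FRESH_BYTES = 300   # fresh bytes required before key generation, from the post
FAST_BYTES = 16            # assumption: bytes taken from the fast gatherer per session key


class ToyPool:
    """One process's random pool. slow_source models /dev/random, fast_source the fast gatherer."""

    def __init__(self, seed_file=None, slow_source=os.urandom, fast_source=os.urandom):
        self.slow_source = slow_source
        self.fast_source = fast_source
        self.slow_bytes_used = 0     # expensive entropy this process has consumed
        self.fresh_since_keygen = 0  # slow-gatherer bytes mixed since the last key generation
        self.state = b""
        if seed_file is not None:
            # The cache file is only absorbed into the pool; it never becomes output.
            self._mix(seed_file)
        else:
            # No cache: a fresh process must block on the slow gatherer before any output.
            self._mix_slow(KEYGEN_FRESH_BYTES)

    def _mix(self, data):
        # Absorb data into the pool. SHAKE256 is a toy stand-in for the real mixing function.
        self.state = hashlib.shake_256(b"mix" + self.state + data).digest(POOL_SIZE)

    def _mix_slow(self, n):
        self.slow_bytes_used += n
        self.fresh_since_keygen += n
        self._mix(self.slow_source(n))

    def _output(self, n):
        out = hashlib.shake_256(b"out" + self.state).digest(n)
        # Step the pool forward so an output cannot be recovered from a later state.
        self._mix(b"step")
        return out

    def session_key(self, n=32):
        """Fast path: mix a little fast-gatherer state, touch the slow source not at all."""
        self._mix(self.fast_source(FAST_BYTES))
        return self._output(n)

    def keygen_bytes(self, n=64):
        """Slow path: top up with slow-gatherer bytes until 300 fresh ones are in the pool."""
        need = KEYGEN_FRESH_BYTES - self.fresh_since_keygen
        if need > 0:
            self._mix_slow(need)
        self.fresh_since_keygen = 0
        return self._output(n)

    def save_seed_file(self):
        """What gets written to random_seed at exit: a derivation of the state, not an output."""
        return hashlib.shake_256(b"seed" + self.state).digest(POOL_SIZE)


def same_seed_two_sites(seed_file, fast_a, fast_b):
    """Two processes restored from one seed file; returns each one's first session key."""
    site_a = ToyPool(seed_file, fast_source=fast_a)
    site_b = ToyPool(seed_file, fast_source=fast_b)
    return site_a.session_key(), site_b.session_key()


if __name__ == "__main__":
    first = ToyPool()                  # no cache yet: pays for 300 slow bytes up front
    cache = first.save_seed_file()     # the "backup" of random_seed
    ka, kb = same_seed_two_sites(cache, os.urandom, os.urandom)
    print("restored twice, fresh state mixed in: keys differ ->", ka != kb)
    zero = bytes                       # constructed: a fast gatherer returning only zeros
    ka, kb = same_seed_two_sites(cache, zero, zero)
    print("restored twice, nothing fresh mixed:  keys identical ->", ka == kb)
```

The two printed lines are the backup-versus-replication distinction in the post: restoring the file at one site is harmless because fresh state is mixed in before each use, while two sites that start from the same file and have no fresh input of their own would produce the same session keys.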