import trustdb.gpg or start from scratch?

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Nov 14 12:15:49 CET 2012


On 11/14/2012 10:52 AM, Werner Koch wrote:
> On Wed, 14 Nov 2012 00:27, rjh at sixdemonbag.org said:
> 
>> Including random_seed?  I've always been under the impression that's a
>> big no-no.
> 
> Well, it is a backup and assumed to be used after a loss of data and not
> to replicate the data to several sites.
> 
> random_seed is a cache file to speed up things.  It is never used
> directly.  For key generation we make sure that at least 300 fresh
> random bytes are mixed into the 600 bytes of the random pool (the state
> on which the RNG works).
> 
> For session keys, we work on a random pool which has been initialized
> from the random_seed file.  But we also mix some other state into it
> (from the fast entropy gatherer).  Without a random_seed file, every use
> of session keys (i.e. a plain public key encryption) would require a lot
> of time to get entropy from the slow gatherer (usually /dev/random).
> That just takes too long and wastes precious entropy.

Is there any configuration option to force the use of /dev/random? I'm
thinking mainly of the case where a system has a TRNG device and there
isn't expected to be a block on such a request.


-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Divide et impera
Divide and govern
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
