Why does gpg use so much entropy from /dev/random?

Philip Potter philip.g.potter at gmail.com
Mon Apr 1 12:16:28 CEST 2013


On 31 March 2013 18:33, Hauke Laging <mailinglisten at hauke-laging.de> wrote:
> strace -e trace=open,read gpg --armor --gen-random 0 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\332\376J\314\1[\357\n7ee\303\372\3555h", 16) = 16
>
>
> strace -e trace=open,read gpg --armor --gen-random 1 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\3471=\307+n\3656\204\31!\232\270\303\324[", 16) = 16
>
> (Strange. Werner, have I found a bug? :-)  )

Having done a little digging, I think I can shed a little light on
this. From libgcrypt/src/gcrypt.h.in:

/* The possible values for the random quality.  The rule of thumb is
   to use STRONG for session keys and VERY_STRONG for key material.
   WEAK is usually an alias for STRONG and should not be used anymore
   (except with gcry_mpi_randomize); use gcry_create_nonce instead. */
typedef enum gcry_random_level
  {
    GCRY_WEAK_RANDOM = 0,
    GCRY_STRONG_RANDOM = 1,
    GCRY_VERY_STRONG_RANDOM = 2
  }
gcry_random_level_t;

The levels provided to --gen-random correspond to the values of this
enum.  As the comment indicates, for most purposes level 0 and 1 do
the same thing.

> strace -e trace=open,read gpg --armor --gen-random 2 16
> [...]
> open("/dev/random", O_RDONLY)           = 4
> read(4, "\1\362P\231..."..., 300) = 128
> read(4, "+7m\2314|\353..."..., 172) = 128
> read(4, "\233\272~\237\..."..., 44) = 44
>
> So we see: If high quality entropy is required then gpg reads
> (128+128+44)/16=18.75 times as much entropy from /dev/random as demanded.
>
>
> Hauke
> --
>> PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
> http://www.openpgp-schulungen.de/



More information about the Gnupg-users mailing list