How insecure is using /dev/random for entropy generation?
mailinglisten at hauke-laging.de
Sun Mar 31 04:46:55 CEST 2013
Am Sa 30.03.2013, 20:50:48 schrieb Anthony Papillion:
> I meed to generate a new key and want to make sure I create enough
> entropy to make the key secure. My normal method is to type on the
> keyboard, start large programs, etc. But a friend suggested that I use
gpg uses /dev/random. That's why key generation usually blocks due to lack of
entropy if you do it right and boot a secure medium for key generation.
The kernel fills /dev/random from e.g. key strokes, disk accesses, and (if
available and configured) internal CPU state (havaged) or a real hardware
number generator. The kernel should take care that the entropy in /dev/random
The amount of available entropy can be seen in
To my knowledge it is not possible (without source code change) to make gpg
use another source than /dev/random. But I don't know whether it checks just
the path or the device number... ;-)
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users