How insecure is using /dev/random for entropy generation?
Robert J. Hansen
rjh at sixdemonbag.org
Sun Mar 31 05:08:04 CEST 2013
On 3/30/2013 9:50 PM, Anthony Papillion wrote:
> I need to generate a new key and want to make sure I create enough
> entropy to make the key secure. My normal method is to type on the
> keyboard, start large programs, etc. But a friend suggested that I use
> /dev/random.
>
> Is this suitable for creating a PGP key? I've got concerns.

By default, GnuPG uses RNGs that are as high-quality as the operating
system provides. However, since there's no standard RNG across
operating systems, GnuPG has no standard RNG, either. On Win32 GnuPG
uses the Win32 API and CryptGenRandom; on many UNIXes it uses
/dev/random; I don't know what the OpenVMS port uses but I rather doubt
it's either /dev/random or CryptGenRandom. :)

The best advice I can give you is "use whatever GnuPG uses by default
for your operating system." It's the default for a reason: namely, it's
safe and known to work well. :)