How insecure is using /dev/random for entropy generation?

Jean-David Beyer jeandavid8 at verizon.net
Sun Mar 31 12:29:19 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/30/2013 10:46 PM, Hauke Laging wrote:
[snip]
> gpg uses /dev/random. That's why key generation usually blocks due
> to lack of entropy if you do it right and boot a secure medium for
> key generation.
> 
> The kernel fills /dev/random from e.g. key strokes, disk accesses,
> and (if available and configured) internal CPU state (havaged) or a
> real hardware number generator. The kernel should take care that
> the entropy in /dev/random is "perfect".
> 
> The amount of available entropy can be seen in 
> /proc/sys/kernel/random/entropy_avail

I run RHEL 6. Last reboot (had to run Windows for a little while) was
a little over 6 days ago.
I tried that and got:

$ cat /proc/sys/kernel/random/entropy_avail
1849

Is that a lot or a little?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJRWA/9AAoJEBZthAoMYQyLK2IH/23tmS71RlUq1zlmQozvL4Mn
8N0Wbfj3uLuIOPOt9il0oApkdmZsOseZtp6XsF0OxtMHjuOdU9d83cKb+jzZE8Ee
oeno2/eRH09z/xIigUA7bYcS14gYq/WFV18Jnk6eez2BeAK8UsVva6GBI2aFi6QX
jphnprCdCfe/52yA9iS89S3zPrtShIMQnW3gL6iZr+bTiGjloEFGVpZv8rc4eAwv
aW76WOSck38E9L+mE1OeQ1eHEVWz68sbWQEjN3evOdPT1MvlgSBwvCLBTCJF2LPQ
y58tPHgkb3T1/k/K/sIasehniS3GdF+PAsbhDO5oZ5BJU2AUvJZR+gpisXQ/9L8=
=hKVy
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list