Signing keys on a low-entropy system

Leo Gaspard ekleog at
Fri Nov 8 00:23:29 CET 2013

(Failed again to answer to list. I really ought to replace this shortcut...)

On Fri, Nov 08, 2013 at 12:11:38AM +0100, Johannes Zarl wrote:
> Hi,
> I'm currently thinking about using a raspberry pi as a non-networked stand-
> alone system for signing keys. Since I haven't heard anything to the contrary,
> I'm pretty sure that entropy is relatively scarce on the pi.

I heard haveged is quite good at gathering entropy from anywhere it can
(processor cycles, etc.)

> How is GnuPG affected by such a low-entropy system? Will operations just take
> a bit longer, or can this affect the quality/security of generated keys or
> signatures?
> I heard that low entropy or a bad entropy source is generall less of a problem
> for RSA. Is this true? Does this affect me in practice?

In theory, if /dev/random is configured to allow only random enough data to
pass, it should just mean operations would just take longer. However, I am not
absolutely sure of this -- but I know in theory /dev/random ensures some minimum
entropy, thus sometimes blocking reads.

Cheers & HTH,


More information about the Gnupg-users mailing list