Signing keys on a low-entropy system
Leo Gaspard
ekleog at gmail.com
Fri Nov 8 00:23:29 CET 2013
(Failed again to answer to list. I really ought to replace this shortcut...)
On Fri, Nov 08, 2013 at 12:11:38AM +0100, Johannes Zarl wrote:
> Hi,
>
> I'm currently thinking about using a raspberry pi as a non-networked stand-
> alone system for signing keys. Since I haven't heard anything to the contrary,
> I'm pretty sure that entropy is relatively scarce on the pi.
I heard haveged is quite good at gathering entropy from anywhere it can
(processor cycles, etc.)
> How is GnuPG affected by such a low-entropy system? Will operations just take
> a bit longer, or can this affect the quality/security of generated keys or
> signatures?
>
> I heard that low entropy or a bad entropy source is generall less of a problem
> for RSA. Is this true? Does this affect me in practice?
In theory, if /dev/random is configured to allow only random enough data to
pass, it should just mean operations would just take longer. However, I am not
absolutely sure of this -- but I know in theory /dev/random ensures some minimum
entropy, thus sometimes blocking reads.
Cheers & HTH,
Leo
More information about the Gnupg-users
mailing list