key generation: paranoia mode - explicit random input
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 26 06:19:17 CET 2014
On 02/26/2014 12:08 AM, Hauke Laging wrote:
> I suggest to add a new key generation mode. The only difference would be
> that the random input is not read from /dev/random any more (and that
> random_seed would not be used or newly initialized) but from an explicit
> source: --random-source /path/to/file. With that (I guess very small)
> change every GnuPG installation should generate the same key material
> (of course, the timestamps would have to be given, too).
>
> Then people who need a very high level of security could create a pool
> of random data (e.g. by reading from /dev/random) and use this data and
> the same timestamps with different Linux distros, even with Windows. ;-)
>
> If the generated keys are exactly the same on all systems then it is
> very improbable that the key generation has been compromised (or all is
> lost anyway).
>
> This would be much easier (and thus available to normal people) than
> attempts to audit a distro.
If i was an attacker who was compromising your software and i knew the
software had this verification mode, i would make my modified software
generate keys "correctly" when in this verification mode (clearly the
software can tell when the entropy source is not /dev/random), and when
it was not in this verification mode i would do my devious known-key
"generation".
So i don't see how this proposed change would let anyone sleep easier at
night, unfortunately.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140226/10c49156/attachment-0001.sig>
More information about the Gnupg-users
mailing list