key generation: paranoia mode - explicit random input

Peter Lebbing peter at
Wed Feb 26 22:29:46 CET 2014

On 26/02/14 22:08, Hauke Laging wrote:
> How is it going to do that if (a) it's running on an offline system and 
> (b) its output is compared with that of other GnuPG "versions"?

Ultrasound, in combination with a nearby compromised online system with a
microphone, for example. Your smartphone would be a pretty good candidate. Or
through not-so-random padding on subsequent messages when the key is used,
relying on you to bridge the air gap.

It sounds to me like the age-old "my system is compromised, but I still want to
use GnuPG on it". I think you've heard the answer to that.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list