Enigmail speed geeking

Werner Koch wk at gnupg.org
Sun Mar 15 20:50:01 CET 2015


On Sun, 15 Mar 2015 16:32, stebe at mailbox.org said:

> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems*
> that haveged should impact on the gathering of entropy (available) at the moment
> of keypair generation on any GNU/Linux PC/laptop equipped with it (specific

You can find this in the Libgcrypt manual:

  Libgcrypt provides 3 levels of random quality: The level
  'GCRY_VERY_STRONG_RANDOM' usually used for key generation, the level
  'GCRY_STRONG_RANDOM' for all other strong random requirements and the
  function 'gcry_create_nonce' which is used for weaker usages like
  nonces.  There is also a level 'GCRY_WEAK_RANDOM' which in general maps
  to 'GCRY_STRONG_RANDOM' except when used with the function
  'gcry_mpi_randomize', where it randomizes a multi-precision integer
  using the 'gcry_create_nonce' function.
  
  There are two distinct random generators available:
  
     * The Continuously Seeded Pseudo Random Number Generator (CSPRNG),
       which is based on the classic GnuPG derived big pool
       implementation.  Implemented in 'random/random-csprng.c' and used
       by default.
     * A FIPS approved ANSI X9.31 PRNG using AES with a 128 bit key.
       Implemented in 'random/random-fips.c' and used if Libgcrypt is in
       FIPS mode.
  
  Both generators make use of so-called entropy gathering modules:
  
  rndlinux
       Uses the operating system provided '/dev/random' and '/dev/urandom'
       devices.
  
  rndunix
       Runs several operating system commands to collect entropy from
       sources like virtual machine and process statistics.  It is a kind
       of poor-man's '/dev/random' implementation.  It is not available in
       FIPS mode.
  
  rndegd
       Uses the operating system provided Entropy Gathering Daemon (EGD).
       The EGD basically uses the same algorithms as rndunix does.
       However as a system daemon it keeps on running and thus can serve
       several processes requiring entropy input and does not waste
       collected entropy if the application does not need all the
       collected entropy.  It is not available in FIPS mode.
  
  rndw32
       Targeted for the Microsoft Windows OS. It uses certain properties
       of that system and is the only gathering module available for that
       OS.
  
  rndhw
       Extra module to collect additional entropy by utilizing a hardware
       random number generator.  As of now the only supported hardware RNG
       is the Padlock engine of VIA (Centaur) CPUs.  It is not available
       in FIPS mode.
  

  16.6.1 Description of the CSPRNG
  --------------------------------
  
  This random number generator is loosely modelled after the one described
  in Peter Gutmann's paper: "Software Generation of Practically Strong
  Random Numbers".(1)
  
     A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
  transform function.  Several extra features are used to make the generator
  robust against a wide variety of attacks and to protect against failures of
  subsystems.  The state of the generator may be saved to a file and
  initially seeded from a file.
  
     Depending on how Libgcrypt was built, the generator is able to select
  the best working entropy gathering module.  It makes use of the slow and
  fast collection methods and requires the pool to be initially seeded from
  the slow gatherer or a seed file.  An entropy estimation is used to mix
  in enough data from the gathering modules before returning the actual
  random output.  Process fork detection and protection is implemented.
  
     The implementation of the nonce generator (for 'gcry_create_nonce')
  is a straightforward repeated hash design: A 28 byte buffer is initially
  seeded with the PID and the time in seconds in the first 20 bytes and
  with 8 bytes of random taken from the 'GCRY_STRONG_RANDOM' generator.
  Random numbers are then created by hashing all the 28 bytes with SHA-1
  and saving that again in the first 20 bytes.  The hash is also returned
  as result.
  
     ---------- Footnotes ----------
  
     (1) Also described in chapter 6 of his book "Cryptographic Security
  Architecture", New York, 2004, ISBN 0-387-95387-6.
  


Shalom-Salam,

   Werner
  

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
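The repeated-hash nonce design quoted above, modelled in Python as an added example (this is not Libgcrypt's code; the exact byte layout of PID and time within the first 20 bytes is an assumption, since the manual does not specify it):

```python
import hashlib
import struct

NONCE_LEN = 20   # SHA-1 digest size; also the part of the buffer rewritten each call
SECRET_LEN = 8   # bytes taken once from GCRY_STRONG_RANDOM at seeding time
BUFFER_LEN = NONCE_LEN + SECRET_LEN   # the 28-byte buffer from the manual


class RepeatedHashNonceGenerator:
    """Model of the gcry_create_nonce design: repeated SHA-1 over a 28-byte buffer."""

    def __init__(self, pid, seconds, strong_random8):
        if len(strong_random8) != SECRET_LEN:
            raise ValueError("need exactly 8 bytes of strong random")
        # Assumed layout (the manual only says PID and time fill the first 20
        # bytes): 4-byte PID, 8-byte seconds, zero padding up to 20 bytes.
        head = struct.pack(">IQ", pid & 0xFFFFFFFF, seconds & (2**64 - 1))
        self.buf = bytearray(head.ljust(NONCE_LEN, b"\x00") + strong_random8)
        assert len(self.buf) == BUFFER_LEN

    def next_nonce(self):
        # Hash all 28 bytes, write the digest back over the first 20, return it.
        digest = hashlib.sha1(bytes(self.buf)).digest()
        self.buf[:NONCE_LEN] = digest
        return digest


def nonce_sequence(pid, seconds, strong_random8, count):
    """Return `count` consecutive nonces from one freshly seeded generator."""
    gen = RepeatedHashNonceGenerator(pid, seconds, strong_random8)
    return [gen.next_nonce() for _ in range(count)]


def follows_chain(prev_nonce, strong_random8, next_nonce):
    """True if next_nonce == SHA-1(prev_nonce || the 8 secret bytes): the only
    material separating consecutive outputs is the 64-bit secret tail."""
    return hashlib.sha1(prev_nonce + strong_random8).digest() == next_nonce


def demo():
    # Constructed seed values; in Libgcrypt the 8 bytes come from GCRY_STRONG_RANDOM.
    secret = bytes.fromhex("0011223344556677")
    seq = nonce_sequence(pid=4242, seconds=1426449001, strong_random8=secret, count=3)
    return [n.hex() for n in seq]


if __name__ == "__main__":
    for i, n in enumerate(demo()):
        print(i, n)
```

`follows_chain` makes the manual's point concrete: each output is the previous output hashed together with only 8 secret bytes, which is why this generator is reserved for nonces rather than keys.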