Random Seed for Generating PGP Keys

flapflap flapflap at riseup.net
Wed May 27 21:17:35 CEST 2015


George Lee:
> I'm not trying to generate multiple random numbers, but just generate a PGP
> key one time in a way that is very hard to crack by basing it on a one-time
> seed generated manually in a reliably random way.

I might be wrong here, but as I understand it you need random numbers
way more often than you seem to expect.  The random number is not only
needed for your - for example - RSA OpenPGP key certificate.  You also
need random numbers for the AES session keys that are actually used to
encrypt a file or an email.  If you had a perfectly random RSA key and
used it to encrypt AES session keys for emails, but every session key
turned out to be 0x00 for all the messages (because your RNG is
buggy/backdoored), and your adversary knows this, they can simply use
the known session key 0x00 and not care about your RSA key.
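
Added example, not part of the original message: a Python sketch of the hybrid scheme described above, showing that an all-zero session key exposes the mail body without the RSA key ever being involved, plus a repeat check a defender can run on an RNG. The SHA-256 keystream is a stand-in for AES, and `broken_rng`, `hybrid_encrypt`, `observer_decrypt`, `count_repeated_keys` and the opaque `wrapped_key` field are hypothetical names, not GnuPG code.

```python
import hashlib
import os

KEY_LEN = 16  # bytes, the size of an AES-128 session key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (not AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def broken_rng(n: int) -> bytes:
    """Models the buggy/backdoored RNG from the message: every output is zero."""
    return bytes(n)


def hybrid_encrypt(plaintext: bytes, rng) -> dict:
    """Fresh session key per message; the public-key wrap is left opaque."""
    session_key = rng(KEY_LEN)
    return {
        # Placeholder for the RSA-encrypted session key; never read below.
        "wrapped_key": b"<opaque without the private key>",
        "body": keystream_xor(session_key, plaintext),
    }


def observer_decrypt(message: dict) -> bytes:
    """Uses only the ciphertext body and the guess that the key is all zeros."""
    return keystream_xor(bytes(KEY_LEN), message["body"])


def count_repeated_keys(rng, samples: int = 100) -> int:
    """Defender-side sanity check: how many drawn session keys are repeats."""
    keys = [rng(KEY_LEN) for _ in range(samples)]
    return samples - len(set(keys))


MAIL = b"constructed sample mail body"  # constructed input for the example

if __name__ == "__main__":
    print(observer_decrypt(hybrid_encrypt(MAIL, broken_rng)) == MAIL)
    print(observer_decrypt(hybrid_encrypt(MAIL, os.urandom)) == MAIL)
    print(count_repeated_keys(broken_rng), count_repeated_keys(os.urandom))
```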



More information about the Gnupg-users mailing list