Primary and Signing Key on Different Smart Cards
andrewg at andrewg.com
Mon Nov 21 12:24:50 CET 2016
On 21/11/16 11:04, Peter Lebbing wrote:
>>> rather trust GnuPG's random number generator than the one on a cheap smartcard
>>> (or any smartcard for that matter). So I would recommend to not use the on-card
>>> key generation feature anyway.
>> That's quite an interesting point that I have not thought about. Do
>> you have any references to the papers that I can read on this subject?
> No, but I remember Werner Koch saying he'd rather not use the on-card
> RNG. I tried to find this, but the best I could find was his statement
> that you don't want regular DSA on smartcard. As I understand it,
> that is because of the risk of a failing RNG.
Have a look at the graphs on page 7 of this PDF:
tl;dr: Some smart cards have *shockingly* poor RNG implementations.