A Quick Supplement

Robert J. Hansen rjh at sixdemonbag.org
Tue Jul 18 22:49:38 CEST 2017

> Sorry if I'm asking dumb questions

Not a dumb question.

> what would be wrong with sync'ing the whole gnupg directory (or the
> whole user profile / home directory) with rsync/duplicity/whatever ?

There are a number of lockfiles, sockets, etc., that live in the
~/.gnupg directory which shouldn't be copied.

> Also, can you point me to a more in-depth explanation on the security
> implications of re-using random_seed? I can imagine what you mean, but
> I'd like to know more.

No, because GnuPG has a ton of different pseudorandom number generators
that it can use.  An in-depth explanation would require knowing specific
versions of your operating system, possibly even which chipsets you're
using (hardware accelerators, etc.) -- and at that point I'm going to
start charging you my consulting rates.  :)

In a nutshell, though: a pseudorandom number generator has some internal
data that it uses to generate the sequences.  If you restore the PRNG to
an earlier state, it'll generate the same numbers over again... at which
point, they're really not random any more.

random_seed is internal data belonging to the PRNG.

Don't share it.  :)

More information about the Gnupg-users mailing list