entropy gathering daemon

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 2 05:20:43 CET 2018


On Wed 2018-02-28 16:14:42 +0100, Werner Koch wrote:
> On Wed, 28 Feb 2018 15:53, edgar at pettijohn-web.com said:
>
>> for chroot'd programs that need it on a filesystem mounted nodev. I
>> sent some patches awhile back to add arc4random_buf as the entropy
>> gathering 'device'. Which I've been using with no problems since. And
>
> In case you have a problem with scarce entropy you may want to add
>
> only-urandom
>
> to /etc/gcrypt/random.conf - in almost all cases this is okay for all
> libgcrypt users.

On the GNU/Linux platform, /dev/random is basically a legacy interface
at this point.  See the modern documentation in random(4).

/dev/urandom is considered appropriate for all use cases except the
early boot.  However, GnuPG and gcrypt don't know whether they're being
used in the early boot process or not.  Therefore, according to
random(4) they should be using the getrandom(2) system call with no
flags set.

Is there any chance that gcrypt will adopt this approach on GNU/Linux
systems, or at least make it available so that GnuPG can use it?

     --dkg