Robert J. Hansen rjh at
Mon Jan 24 05:29:32 CET 2022

> I remember using a Windows-95-native PGP years ago that also used 
> keyboard and mouse events to acquire entropy; presumably, there was not 
> that much determinism, or every PGP key generated on Windows is likely 
> to be weak.

Win95 still allowed direct access to underlying hardware.  In the 
XP-and-beyond world, direct hardware access virtually requires a driver.

> If it reads /dev/random, you are fine; the Linux kernel collects very 
> good entropy and GPG uses (and has always used) that source.  If it does 
> something else, you probably have a problem, possibly a "Debian OpenSSL" 
> problem...

/dev/random didn't exist in 1991-2 when PGP 2.6.3i was written.  At 
least on SGI IRIX, the standard way of getting random bytes was to open 
an audio device and sample the least significant bits of the input stream...

More information about the Gnupg-users mailing list