Announced chat control by the EU
Robert J. Hansen
rjh at sixdemonbag.org
Thu Oct 9 09:40:05 CEST 2025
> I have not checked (hint!) the source code (hint!) specifically, but I
> have a vague recollection that 1.4 depended heavily or completely on /
> dev/random. If the system RNG is secure, so are the keys generated by
> GPG 1.4. It might be advisable to have the box running for some time (a
> day or more if possible) to ensure that sufficient entropy has been
> gathered before generating keys.
For Linux systems, for about five years now at system boot /dev/urandom
is initialized. Once it's fully initialized calls to /dev/random are
silently redirected to /dev/urandom. It doesn't take long at all for
/dev/urandom to spin up, either.
A *lot* of effort has been put into making /dev/urandom a high quality
CSPRNG. I highly recommend using it, and only it, and especially
recommend abandoning any attempts at rolling your own CSPRNG.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251009/6005dea5/attachment.sig>
More information about the Gnupg-users
mailing list