Hi, Stef Caunter wrote:
I have populated ~/.gnupg/random_seed with 600 bytes from /dev/urandom
This is generally a very *bad* idea in terms of cryptography: /dev/urandom uses a pseudo-random generator with predictable results, (relatively) low random quality that is not suitable at all for generating secure key pairs.
That is covered in the GnuPG documentation.
I have asked the admin to add IRQs to rndcontrol.
This on the other hand is a pretty good idea.
Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of randomness in /dev/urandom, and none in /dev/random...
It is always "the way it is" when you attempt to use the entropy pool on a remote system that you control through the network : there are simply not enough unpredictable physical events around the server to gather quickly more entropy. Also happen with linux, or other flavours of <insert your favorite system without hardware random generator here>.
Mind that Henry Herts Hobbits has a point here: you should not be generating keys that you intend to be secure using a remote shell access.
Rationale for this is covered in the GnuPG documentation as well. Regards, -- Raphaël
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
