On Wed, 28 Jan 2009 15:59, p4.tho...@googlemail.com said: > 1) When creating keys or other data which needs random numbers, how is > this done in gnupg? I mean does it per default use /dev/random? Or > does it have its own means like a modified Mersenne Twister or > whatever?
Read the manual of libgcrypt 1.4.4 - it includes a description of the RNG. The code in 1.4 is basically the same. > I wonder because I'd to test the used source with this > http://www.cacert.at/random/ so is there perhaps some function in gpg That are plainstupid tests. It does no make any sense at all to run statistically tests on the output of a hash digest. Almost all RNG use either a hash algorithm or a cipher function in the last processing stage. > to just generate a bunch of random data as it would be used for key > generation (both symmetric and asymmetric). The man page gives the answer: --gen-random 0|1|2 [count] Emit COUNT random bytes of the given quality level. If count is not given or zero, an endless sequence of random bytes will be emitted. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system! > It seems that it's quite easy to disable this limit in the gnupg > source, all I have to do is set max=something in keygen.c, correct? No, there is some limit in the RNG too. > Is there any knowledge about specific weaknesses of such large keys? I Yes, you need to have a backup and that backup will be larger than others ;-) Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
