On Sat 30.03.2013, 20:50:48, Anthony Papillion wrote:
> I need to generate a new key and want to make sure I create enough
> entropy to make the key secure. My normal method is to type on the
> keyboard, start large programs, etc. But a friend suggested that I use
> /dev/random.

gpg uses /dev/random. That's why key generation usually blocks due to lack of entropy if you do it right and boot a secure medium for key generation.

The kernel fills /dev/random from e.g. key strokes, disk accesses, and (if available and configured) internal CPU state (haveged) or a real hardware number generator. The kernel should take care that the entropy in /dev/random is "perfect". The amount of available entropy can be seen in /proc/sys/kernel/random/entropy_avail.

To my knowledge it is not possible (without source code change) to make gpg use another source than /dev/random. But I don't know whether it checks just the path or the device number... ;-)

Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
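Added example, not part of the message above and not GnuPG code: a check to run on the key-generation system that judges /dev/random by device number rather than by path, and reads the entropy estimate from /proc/sys/kernel/random/entropy_avail. It assumes Linux, where /dev/random is character device 1:8 and /dev/urandom is 1:9; the function names are hypothetical.

```python
import os
import stat
import sys

# Assumption: Linux device numbers. Character major 1, minor 8 is /dev/random,
# minor 9 is /dev/urandom.
RANDOM_DEV = (1, 8)
URANDOM_DEV = (1, 9)
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def classify(st_mode, st_rdev):
    """Name the device behind a stat result, judged by device number, not path."""
    if not stat.S_ISCHR(st_mode):
        return "not-a-character-device"
    dev = (os.major(st_rdev), os.minor(st_rdev))
    if dev == RANDOM_DEV:
        return "random"
    if dev == URANDOM_DEV:
        return "urandom"
    return "other-device %d:%d" % dev


def check_node(path="/dev/random"):
    """Classify what `path` resolves to; os.stat follows symlinks."""
    st = os.stat(path)
    return classify(st.st_mode, st.st_rdev)


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate (in bits) as an int."""
    with open(path) as fh:
        return int(fh.read().strip())


def main():
    kind = check_node()
    print("/dev/random resolves to:", kind)
    if os.path.islink("/dev/random"):
        print("  (symlink to %s)" % os.path.realpath("/dev/random"))
    try:
        print("entropy_avail:", read_entropy_avail(), "bits")
    except OSError as exc:
        print("entropy_avail not readable:", exc)
    # Non-zero exit if the path does not lead to the real blocking device.
    return 0 if kind == "random" else 1


if __name__ == "__main__":
    sys.exit(main())
```

A result other than `random` means the path has been replaced or redirected, for example by a symlink to /dev/urandom, and the node should be restored before generating keys.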