On Sat 30.03.2013, 20:50:48, Anthony Papillion wrote:

> I need to generate a new key and want to make sure I create enough
> entropy to make the key secure. My normal method is to type on the
> keyboard, start large programs, etc. But a friend suggested that I use
> /dev/random.

gpg uses /dev/random. That's why key generation usually blocks due to lack of
entropy if you do it right and boot a secure medium for key generation.

The kernel fills /dev/random from e.g. key strokes, disk accesses, and (if
available and configured) internal CPU state (haveged) or a real hardware
number generator. The kernel should take care that the entropy in /dev/random
is "perfect".

The amount of available entropy can be seen in
/proc/sys/kernel/random/entropy_avail

To my knowledge it is not possible (without source code change) to make gpg
use another source than /dev/random. But I don't know whether it checks just
the path or the device number... ;-)


Hauke
--
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
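
Added example, not part of the original message and not GnuPG code: a pre-flight check for a key-generation host that confirms /dev/random really is the kernel's character device 1:8 (the "path or device number" point above) and reads entropy_avail. The function names and the 256-bit threshold are assumptions made for this example.

```python
import os
import stat

# Linux assigns fixed device numbers to the kernel RNG nodes (char major 1).
RANDOM_DEV = (1, 8)    # /dev/random
URANDOM_DEV = (1, 9)   # /dev/urandom


def classify_rng_node(st_mode, st_rdev):
    """Name the kernel RNG device behind a stat result, or 'other'."""
    if not stat.S_ISCHR(st_mode):
        return "other"            # regular file, FIFO, directory, ...
    dev = (os.major(st_rdev), os.minor(st_rdev))
    if dev == RANDOM_DEV:
        return "random"
    if dev == URANDOM_DEV:
        return "urandom"
    return "other"


def parse_entropy_avail(text):
    """Parse the content of entropy_avail (a single decimal bit count)."""
    value = int(text.strip())
    if value < 0:
        raise ValueError("negative entropy estimate")
    return value


def check_host(dev_path="/dev/random",
               proc_path="/proc/sys/kernel/random/entropy_avail",
               min_bits=256):   # min_bits: assumed threshold, not from the post
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if os.path.islink(dev_path):
        findings.append(f"{dev_path} is a symlink to {os.readlink(dev_path)}")
    st = os.stat(dev_path)      # follows symlinks: reports the real target
    kind = classify_rng_node(st.st_mode, st.st_rdev)
    if kind != "random":
        findings.append(f"{dev_path} resolves to '{kind}', expected 1:8")
    with open(proc_path) as fh:
        bits = parse_entropy_avail(fh.read())
    if bits < min_bits:
        findings.append(f"only {bits} bits available, want {min_bits}")
    return findings


if __name__ == "__main__":
    for finding in check_host() or ["/dev/random is device 1:8, pool is filled"]:
        print(finding)
```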