Hi Werner,
Thanks very much for your response. I think I'll take some time to digest it :)
Phil
On 2 April 2013 11:52, Werner Koch <w...@gnupg.org> wrote:
> On Sun, 31 Mar 2013 11:45, philip.g.pot...@gmail.com said:
>
>> Can anyone shed any light on this? Why does GPG use more entropy than
>> /dev/random says it should?
>
> Which /dev/random - there are hundreds of variants of that device all
> with other glitches. Thus GnuPG has always used /dev/random only as a
> source of entropy to seed its own RNG:
>
> This random number generator is loosely modelled after the one
> described in Peter Gutmann's paper: "Software Generation of
> Practically Strong Random Numbers".@footnote{Also described in chapter
> 6 of his book "Cryptographic Security Architecture", New York, 2004,
> ISBN 0-387-95387-6.}
>
> A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
> transform function. Several extra features are used to make the
> robust against a wide variety of attacks and to protect against
> failures of subsystems. The state of the generator may be saved to a
> file and initially seed form a file.
>
> Depending on how Libgcrypt was build the generator is able to select
> the best working entropy gathering module. It makes use of the slow
> and fast collection methods and requires the pool to initially seeded
> form the slow gatherer or a seed file. An entropy estimation is used
> to mix in enough data from the gather modules before returning the
> actual random output. Process fork detection and protection is
> implemented.
>
> GPG uses ~/.gnupg/random_seed but it needs to creater it first. For
> generating keys it also makes sure to put in a lot of new entropy just
> to be safe. Better be safe than sorry (cf. the recent NetBSD problem).
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
