On 11/07/13 16:23, Henry Hertz Hobbit wrote:
> I imagine it would if I used the keys on Windows
> for either signing or enciphering it may have created the random_seed
> file but since I but I don't use them that way but only for verifying
> detached signature files for whatever reason they never got created.

My best guess is that the random_seed is only created when GnuPG actually uses random numbers. Verifying a signature doesn't need randomness, unless you're using randomness to defeat side-channel attacks. I suppose this is not the case. Once it needs randomness, it will very likely just create a fresh random_seed file.

> Whether you choose to believe my random changing of nibbles in the
> random_seed file (there is NO plan of what to change or even how
> many and some of them may even get the same nibble with the change)
> is up to you.

I absolutely believe your intention to randomly change things. I also strongly suspect you are a human being, and I also believe humans are not very capable of generating randomness. But I already said this, so I don't understand why you think I doubt your intentions when I have explained my point earlier. Whether you agree on the inability of humans to generate randomness (or recognise it, for that matter) is another thing, in which I obviously leave you completely free.

> I am NOT telling this person to do the same thing.

It read as advice to me. You said:

> ... but I do modify the random_seed file with hexedit for
> each key-ring which some people object to. From my point of
> view that is far better than just having each key-ring having
> the same random_seed file.

If I read someone say that what he does is, from his point of view, far better, I'm inclined to think he implicitly advises me to do the same. I'm not even going to start thinking about another implication that could, indeed, be made from this statement, which is not to have the same random_seed file some other way, like by deleting it.

> In this case, since he copied the entire key ring I would advise
> that he delete the random_seed file as a security measure.

I agree :).

By the way, the random_seed file is only part of the input to the randomisation.
I don't think you'll actually create an insecure system when you copy it literally from another system, although I'm not sure what a capable attacker can do. That said, it's easy enough to not copy it (or delete it after copying), and it was never intended to be copied, so why not just do that. If you think of it. Otherwise, don't fret, you're probably safe.

HTH,

Peter.

PS: Since there are 1200 nibbles in my random_seed file, I would indeed expect that after at most 16 changes, you will start changing nibbles to a value you already used.

https://en.wikipedia.org/wiki/Pigeonhole_principle

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
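
The two options discussed in this thread (not copying random_seed with a key ring, and spotting key rings that already share one) can be scripted. The following is an added example, not part of the original message or of GnuPG; the function names are hypothetical, and the `S.*` pattern assumes agent sockets may live in the home directory.

```python
import hashlib
import shutil
from collections import defaultdict
from pathlib import Path

SEED_NAME = "random_seed"  # file name as used in the thread


def copy_keyring_without_seed(src, dst):
    """Copy a GnuPG home directory, leaving random_seed behind.

    GnuPG creates a fresh seed file in the copy once it needs randomness.
    "S.*" skips agent sockets (assumption: they sit in the home directory),
    which copytree cannot copy.
    """
    shutil.copytree(src, dst, ignore=shutil.ignore_patterns(SEED_NAME, "S.*"))
    return Path(dst)


def find_shared_seeds(homedirs):
    """Return groups of home directories whose random_seed files are identical."""
    by_digest = defaultdict(list)
    for home in map(Path, homedirs):
        seed = home / SEED_NAME
        if seed.is_file():  # absent until GnuPG has used randomness there
            digest = hashlib.sha256(seed.read_bytes()).hexdigest()
            by_digest[digest].append(str(home))
    return [sorted(group) for group in by_digest.values() if len(group) > 1]


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample data: two key rings, one a verbatim copy of the other.
    with tempfile.TemporaryDirectory() as tmp:
        ring_a = Path(tmp, "ring_a")
        ring_a.mkdir()
        (ring_a / "pubring.gpg").write_bytes(b"constructed placeholder")
        (ring_a / SEED_NAME).write_bytes(os.urandom(600))  # 1200 nibbles
        ring_b = Path(tmp, "ring_b")
        shutil.copytree(ring_a, ring_b)  # the literal copy, seed included
        ring_c = copy_keyring_without_seed(ring_a, Path(tmp, "ring_c"))
        print("shared seeds:", find_shared_seeds([ring_a, ring_b, ring_c]))
```
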