On Wed 2018-02-28 16:14:42 +0100, Werner Koch wrote:
> On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said:
>
>> for chroot'd programs that need it on a filesystem mounted nodev. I
>> sent some patches awhile back to add arc4random_buf as the entropy
>> gathering 'device'. Which I've been using with no problems since. And
>
> In case you have a problem with scarce entropy you may want to add
>
>   only-urandom
>
> to /etc/gcrypt/random.conf - in almost all cases this is okay for all
> libgcrypt users.

On the GNU/Linux platform, /dev/random is basically a legacy interface at this point. See the modern documentation in random(4).

/dev/urandom is considered appropriate for all use cases except the early boot. However, GnuPG and gcrypt don't know whether they're being used in the early boot process or not. Therefore, according to random(4) they should be using the getrandom(2) system call with no flags set.

Is there any chance that gcrypt will adopt this approach on GNU/Linux systems, or at least make it available so that GnuPG can use it?

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users