[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using /dev/random for PGP key generation? Be Wary



-----BEGIN PGP SIGNED MESSAGE-----

[email protected] wrote in the c'punks list:
> Subject: Using /dev/random for PGP key generation? Be Wary
> 
> I have created a modified version of pgpi for use with a hardware random
> number generators. Recently, there has been some confusion because
> people have assumed that I wished people to use this version with
> NOISE.SYS or an RNG that gathers entropy from timing events called
> /dev/random.

My concern, since there is a DOS version available according to your 
announcement (and this applies to OS/2 and Linux compilations as well) is 
that your version assumes /dev/random produces a continuous stream rather 
than bursts of data limited to how much entropy is gathered.  A poor 
implementation even with a good driver is disasterous.

[..]
> Be assured that I originally planed the modification to be used with a
> real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
> and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
> RNG810.ZIP available at ftp.cdrom.com.

Hmmm... I'll have to check that out.

[..]

> I am unsure about using my modification, together with these drivers
> that are not connected to a real hardware RNG. In what way would the use
> of these drivers' methods of gathering entropy be superior to PGP's
> method of getting entropy from keyboard timing? If you choose to do
> something like this, you should think carefully and make a careful study
> of the code.

I'm curious as to what method you tyest the hardware RNG's entropy?

[..]

> made to work. But careful thought an careful design should be done
> first.

Yep.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR/s2yoZzwIn1bdtAQEdeAF/XFFki97J+phJv76eMZXcMyHt1ChjN3FD
PsMvsq03g/QHYfAMhb25qoSp5H6F5HFZ
=2l/3
-----END PGP SIGNATURE-----