[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
No Subject
-----BEGIN PGP SIGNED MESSAGE-----
There is now support for using a hardware random number generator
with the most recent versions of PGP.
Versions pgp 2.62 unofficial international versions,
pgp 2.62 international version
and pgp 2.62 (from mit)
are supported. The files for this modification of pgp
are at the export controled ftp site in the directory:
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_????????/pgp/rng
the files are:
rg262mit.zip
rg262i.zip (Can be used in Canada)
rg262ui.zip (Can be used in Canada)
Sources for the modifications are included. Executables are
included for OS/2 and MSDOS.
In the above ????????? varies because of the export control
scheme. To get the files if you are in the U.S. and Canada
first get the file ftp://ftp.csn.net/mpj/README.MPJ and
follow the instructions.
Many thanks to [email protected] for providing storage at the
export controled ftp site.
Here is the README file that comes with the modifications.
- ----------------------------------------
Hardware Random Number Support for PGP.
Version
Ever get tired of typing in keyboard timing strokes while generating a
PGP key? Ever want to use PGP unattended, but be foiled because there is
no one there to type the keyboard timing strokes?
Ever wonder if PGP's method of generating random number might have some
subtle flaw which would expose it to cryptanalysis?
This is a modified version of PGP which allows it to be used with a
hardware random number generator. Two kinds of RNG are supported:
First, any RNG with a IO driver that makes the RNG look like a file that
can be opened (fopen) such that each byte read is a random byte. Second,
a bus RNG under the x86 architecture such that random bytes my be
obtained with a simple "IN" instruction. The CALNET/NEWBRIDGE RNG is an
example of this kind of RNG. A crude sanity check is done to check that
the bytes appear to be random.
To use the hardware random number generator feature of this software,
you must define _ONE_ of the new configuration file parameters RNGDRIVER
or RNGPORT in config.txt or from the command line. If you have a RNG of
the first type, define RNGDRIVER to be the complete path to the RNG
driver. If you have a RNG of the second type, define RNGPORT to be the
port number from which to get random numbers. You can use hexadecimal
i.e. 0x300.
Examples:
RNGDRIVER=/dev/random
or
RNGPORT=0x300
If neither of these are defined the modified PGP will get its RANDOM
numbers in exactly the same way that regular PGP does, through keyboard
timing. If one of these parameters is set correctly, the modified PGP
will get its random numbers from the RNG and you will never be asked to
type keyboard timing stokes.
I have compiled a version of PGP that supports a hardware RNG for MSDOS
and OS/2. I have included the source files for each file that has been
modified. To compile get the original source files, put in the modified
files and compile as usual.
The new source files and this software are covered by the same license
as the original, LICENCE.
There are similar available modifications for the other two major
versions of PGP, OTHERS.
If someone out there has an PSI-LINE random number generator that
attaches to a RS-232 port as if it were a modem, please test it with
this software. If the software line characteristics (baud rate, flow
control, stopbits, ect) are set correctly (You will have to do this
yourself, as this modified PGP does not do this) then all you should
have to do is set RNGDRIVER to the RS232 device name. I have not tested
this because I do not have this kind of RNG.
Someone may wish to add code to set the software line characteristics,
but this may be difficult, as the code would vary by operating system
and even among the various flavors of UNIX.
If you do such a test please report the results to alt.security.pgp and
cypherpunks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMHK/Sc29s2mG+tTVAQE0hwQAoDsgqF6AoIGCNOSOdWZemrGRl4/MVvjR
xiwhgROtjFM1FEL4Ak/j8YlR/LSCbOdeF3hZzesaZq8xC25qwlXFEtDX8kqim3zh
bOglEMW/x3M9uBQLm0Nyc8FTickaAD3L1Gsa/YMY2slmN3PrZiY0/KSVpPXEMHjK
GjeM2U7XJSk=
=E5gC
-----END PGP SIGNATURE-----