cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-02-13 - Using /dev/random for PGP key generation? Be Wary

Header Data

From: rngaugp@alpha.c2.org
To: cypherpunks@toad.com
Message Hash: 7b14c52020d5749e44d83f6a34d608ba2b0532b7fd895cba08c800694947b3cc
Message ID: <199602121556.KAA00211@miron.vip.best.com>
Reply To: N/A
UTC Datetime: 1996-02-13 09:53:54 UTC
Raw Date: Tue, 13 Feb 1996 17:53:54 +0800

Raw message

From: rngaugp@alpha.c2.org
Date: Tue, 13 Feb 1996 17:53:54 +0800
To: cypherpunks@toad.com
Subject: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602121556.KAA00211@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Subject: Using /dev/random for PGP key generation? Be Wary

I have created a modified version of pgpi for use with a hardware random
number generators. Recently, there has been some confusion because
people have assumed that I wished people to use this version with
NOISE.SYS or an RNG that gathers entropy from timing events called
/dev/random.

I did indeed mention /dev/random in the readme file, but I did this only
because I thought /dev/random would be a likely path for a hardware RNG
on a unix system. ( I have never tested this software under unix, but I
see no reason why the "RNGDRIVER" feature of the modified PGPI would not
work under unix.)

Be assured that I originally planed the modification to be used with a
real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
RNG810.ZIP available at ftp.cdrom.com.

You may be able to compile and run it under other OSes as well. I see no
reason why not.


It is my understanding that NOISE.SYS gathers entropy from timing
certain events. I have recently learned that a /dev/random works under
Linux also by gathering entropy from timing.

I am unsure about using my modification, together with these drivers
that are not connected to a real hardware RNG. In what way would the use
of these drivers' methods of gathering entropy be superior to PGP's
method of getting entropy from keyboard timing? If you choose to do
something like this, you should think carefully and make a careful study
of the code.


One thought for the future: It would be nice if BBS'es that run
unattended could have a version of pgp that they could run without
worrying about running out of entropy! (Because no one is there to type
on the keyboard.) Perhaps something like NOISE.SYS (that would get
entropy from the COM ports) put together with my mod to pgpi could be
made to work. But careful thought an careful design should be done
first.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMR63hs29s2mG+tTVAQFyKwP+Mh95ZNwwrBF+UjEKlEcfaiWY5ab8NthC
b3j4cmv9PUXLrCM4DUH2iXtY2f9YNN9GsWT1S1Eu2b0368VBkQTm1+eWcKiDVmlB
DumNmt4rZPhYam7wc/5gyGdIyzhGJBeJ0ZOP1kd4w0TfLsDprwKGOD1a0N7T3Ycz
gFqBX34x59s=
=MDXi
-----END PGP SIGNATURE-----

Thread