Key Generation

Werner Koch wk at isil.d.shuttle.de
Wed Jul 8 11:18:44 CEST 1998


Harry Tuttle <htuttle at samson.ml.org> writes:

> only with different "Bytes Needed". This is the message I just got
> from the latest version of G10 (V.0.3.1)

Time for a FAQ :-)

It is really not easy to fill the Linux internal entropy buffer; I
talked to Ted Ts'o and he committed that the best way to fill the
buffer is to play with your keyboard.  

What I do is to hit several times on the shift, control, alternate,
capslock keys, as these keys do not produce any output.  This way you
get your keys really fast (it's the same thing pgp2 does). 

A problem might be another program which eats up your random bytes 
(a program (look at your daemons) that reads from /dev/[u]random).

I have the same problem when I try to do this via telnet - not for
real work but to test the program - it takes *very* long.  You should
NEVER do this via telnet (not even with ssh) as your passphrase walks
over a telco (or Ethernet) line and is easy to spy out.  Also you have
no physical control over your secret keyring (which is in most cases
vulnerable to advanced dictionary attacks) - I strongly encourage
everyone to only create keys on a local computer (a disconnected
laptop is probably the best choice) and if you need it on your
connected box (of course, we all do this) be sure to have a strong 
password for your account and trust your root.  


Hope this helps, if not keep on asking


Werner
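
The check suggested above for programs that read from /dev/[u]random, as an added example that is not part of the original message. The function names and the optional proc-root argument are assumptions of this example; it relies on the Linux /proc layout.

```shell
#!/bin/sh
# Added example (not from the original message): show the kernel's entropy
# estimate and which processes hold /dev/random or /dev/urandom open.
# Function names and the optional proc-root argument are assumptions made
# here so the functions can also run against a constructed directory tree.

# Print the kernel's entropy estimate in bits, or "unknown" if unreadable.
entropy_avail() {
    proc_root="${1:-/proc}"
    cat "$proc_root/sys/kernel/random/entropy_avail" 2>/dev/null || echo unknown
}

# Print "PID COMMAND DEVICE" for every process with a random device open.
# Without root only your own processes' descriptors are visible.
random_readers() {
    proc_root="${1:-/proc}"
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue            # unmatched glob or vanished fd
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/random|/dev/urandom) ;;
            *) continue ;;
        esac
        pid=${fd#"$proc_root"/}             # strip the proc root prefix
        pid=${pid%%/*}                      # keep only the PID component
        name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "$name" "$target"
    done | sort -u                          # one line per PID and device
}

# Report for the live system when the script is run directly.
echo "entropy_avail: $(entropy_avail)"
random_readers
```

Run it as root before generating a key to see every daemon that holds a random device open.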
 




