Q: When is the RNG needed?
Werner Koch
wk at frodo.isil.d.shuttle.de
Fri Jan 29 11:53:02 CET 1999
Stainless Steel Rat <ratinox at peorth.gweep.net> writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "MFvM" == Michael Fischer von Mollard <fischer at math.uni-goettingen.de> writes:
>
> MFvM> Just a short question: When is the RNG actually needed? Only for key
> MFvM> generation?
>
> No, the PRNG is required every time a session key is generated, as the PRNG
> is the source of the session key.
Not a pseudo RNG is needed but an RNG. The difference is that a PRNG
outputs a well defined sequence of random bytes once it has been
seeded.
DSA signatures and ElGamal encryption rely on a secret parameter k
which is only needed during the process of signing/encrypting and
this k never leaves the function. This k has to be generated by a
*good* RNG, otherwise your secret key will leak out.
Werner
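Werner's point about the per-signature secret k, as an added example that is not part of the thread or of GnuPG: a toy DSA over constructed, insecure-by-design small parameters (P, Q, the private key and the message digests are all made up here), showing that when a badly seeded PRNG hands out the same k twice, two valid signatures are enough to compute the private key, while a fresh k from a real RNG gives the recovery nothing to work with.

```python
import secrets

# Constructed toy DSA parameters: NOT secure; small so the arithmetic can be followed.
# Real DSA uses a 2048-bit p and a 256-bit q.
P = 283                      # prime modulus
Q = 47                       # prime, Q divides P - 1 (282 = 6 * 47)
G = pow(2, (P - 1) // Q, P)  # generator of the order-Q subgroup (64 here)

def sign(x, h, k):
    """DSA signature on digest h (an int already reduced mod Q) with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    return (r, s) if r and s else None   # degenerate case: the standard says pick another k

def sign_with_good_rng(x, h):
    """What the standard intends: k from a real RNG, fresh and secret for every signature."""
    sig = None
    while sig is None:
        sig = sign(x, h, secrets.randbelow(Q - 1) + 1)   # uniform in [1, Q-1]
    return sig

def verify(y, h, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = (pow(G, h * w % Q, P) * pow(y, r * w % Q, P)) % P % Q
    return v == r

def recover_private_key(h1, sig1, h2, sig2):
    """If one k signed both (visible as r1 == r2), solve s1 - s2 = k^-1 (h1 - h2) for k,
    then s1 = k^-1 (h1 + x r1) for x.  Returns None when the nonces differ."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2 or h1 == h2:
        return None
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - h1) * pow(r1, -1, Q) % Q

if __name__ == "__main__":
    x = 13                          # constructed private key
    y = pow(G, x, P)
    h1, h2 = 7, 31                  # constructed message digests, already reduced mod Q
    stuck = sign(x, h1, 29), sign(x, h2, 29)      # a badly seeded PRNG repeating k = 29
    fresh = sign_with_good_rng(x, h1), sign_with_good_rng(x, h2)
    assert all(verify(y, h, s) for h, s in zip((h1, h2) * 2, stuck + fresh))
    print("k reused ->", recover_private_key(h1, stuck[0], h2, stuck[1]))   # 13
    print("fresh k  ->", recover_private_key(h1, fresh[0], h2, fresh[1]))   # None (unless the RNG repeated k)
```

The same algebra applies to real-size DSA (and to ElGamal's k), which is why the nonce must be both unpredictable and never repeated.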