Key generation: is it possible to fail fast?

Justus Winter justus at g10code.com
Mon Feb 20 10:28:46 CET 2017


Bjarni Runar Einarsson <bre at pagekite.net> writes:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Justus,
>
> Justus Winter <justus at g10code.com> wrote:
>> At our last hackathon we briefly pondered an idea to make key
>> generation appear fast without compromising on key strength:
>> When the frontend starts a new key generation wizard, start
>> collecting entropy in the backend, and use this to speed up the
>> generation once the user completed the wizard.
>
> Interesting idea.
>
> This might improve the experience of manual users, but for tools
> which use GnuPG as a backend/API, this wouldn't change anything
> since the wizard would be completed instantly.
>
> It also probably only helps if the kernel's entropy pool is
> nearly full when GnuPG is started. If it's not, then the total
> time will remain unchanged because the kernel is already
> gathering entropy in the background, no matter what GnuPG is
> doing.

Sorry, I didn't get the idea across.  I meant to say that a frontend
like the MUA can communicate that it started a key generation wizard to
GnuPG running as a background service.

Justus