Can't gpg --gen-key
Frank Tobin
ftobin@neverending.org
Thu Aug 23 13:03:02 2001
Werner Koch, at 09:53 +0200 on 23 Aug 2001, wrote:
> 1. Don't use telnet - it is ridiculous to send the passphrase in clear
They could be using IPsec, OTP, or Kerberos.
> 2. If you need to do this on a remote machine, use SSH [1].
You mean a free ssh client, no? :)
> 3. You should enable the random device on FreeBSD, I don't know how to
> do it, but with a proper configuration the machine can collect
> enough entropy even without someone hitting on the keyboard.
> It should help to start some background jobs like "find / -type f |
> xargs -n 100 grep jhdgfjhf"
This is a FAQ. The answer is to use rndcontrol(8) to add IRQs to the
entropy-gathering utility. Perhaps if GnuPG is used on a BSD, this could
be spit out when --gen-key is performed.
> [1] Entering passphrases over an SSH channel is not as secure as
> believed, it may be better to pipe the passphrase to the remote
> machine. See the recent Song/Wagner/Tian paper - it is in the news.
Or use public/private keys.
--
Frank Tobin http://www.neverending.org/~ftobin/