Use of gen-random

Hardeep Singh hs2412 at gmail.com
Sat Nov 1 09:26:09 CET 2008


I am sure people have still not explained at a level you would
understand. Hence I am having a go.
In physical terms entropy means the amount of disorder. Example, take
a square box and add some white marbles to it. then add some black
marbles. At this time all white marbles lie at the lower levels where
as black marbles are at higher levels. Which means there is order, and
entropy is less. Shake the box. Now entropy has increased.

In the same way, when you work on the PC, entropy generating processes
keep recording random data. For example each person has a different
typing speed/habbit. This is used as one basis for entropy. Another
way is disk access. When a process asks for random data, its given out
of the pool.

The story forward is well explained in the other replies.


Hardeep Singh
http://blog.Hardeep.name



On Fri, Oct 31, 2008 at 11:01 PM, Michael <mjkortve at optusnet.com.au> wrote:
>  Hi all, I was trying out one of the options of gpg, as it arose during
> a discussion on the group.
>
>  gpg --gen-random [012] n
>
>  does what I would reasonably expect: generates 'n' random bits of data
> using one of three methods. However, on reading up the option in the man
> page it mentions the possibility of "removing entropy from your system".
>
>  Actually, from the man page:
>
> --gen-random 0|1|2
>              Emit _____ random bytes of the given quality level. If
>
>              count is not given  or zero, an endless sequence of
>              random bytes will be emitted.  PLEASE, don't use this
>                                              command unless you know
> what you are doing; it may
>              remove precious entropy from the system!
>
>
>  Now I'll admit openly I don't always know /exactly/ what I am doing,
> but am prepared to make mistakes to learn. At first I thought perhaps
> the documentation writers were having a bit of a joke a la many unix
> man pages have a geeky sense of humour. But on reflection I realise
> that they are being serious here.
>
>  So I am curious, how might I _lose_ entropy by _generating_ random
> numbers? What do each of the three methods do?
>
>  So I experiment, and generate a small number (20 bits) of random
> numbers at the command line as per
>  gpg --gen-random 0 20
>  and it outputs what looks like gibberish to me. I won't copy the
> actual output simply because anyone can do this experiment for
> themselves to see the sort of output you get.
>
>  But when I use the 2 method, I get an error/warning about running
> diskperf in order to generate disk statistics. Well, I don't have
> diskperf on my windows system (though there may well be a win version, I
> don't know). What I am concerned about is why it might want disk
> statistics and have I "lost precious entropy" from my system?
>
>  Let me say, I'm partly humorous here; if I understand roughly what is
> happening, then the danger is to not set a specific number of bits and
> hence run the risk of gen-random simply emitting random data until it
> eventually somehow 'overflows the available randomness' inherent in my
> system. But simply outputting 20 random bits wouldn't risk doing that, so
> my little experiment is fairly safe. Since it doesn't go much into the
> details in the man page about what the methods are, and what the risk
> actually is (it may be highly technical and hence beyond the scope of a
> manual) it seems appropriate to ask in this forum, since it came up.
>
>  Although my background is technical, and I can understand mathematical
> expressions, I don't read source code for breakfast and am really more
> curious about the engineering details of what is going on rather than a
> mathematical description. Where does gpg "gather" it's randomness, and
> just how much is available in a simple system such as mine?
>
>  And just finally, may I take the opportunity to say how much I enjoy
> the various discussions in this group, generally the quality of the
> questions and the help has consistently been excellent.
>
>  Cheers for now,
> Michael Kortvelyesy.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



More information about the Gnupg-users mailing list