# BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

# [Discuss] How do I add entropy?

*Subject*: [Discuss] How do I add entropy?*From*: kentborg at borg.org (Kent Borg)*Date*: Sun, 07 Sep 2014 08:52:45 -0400*In-reply-to*: <2091574.2kyEmHr34c@thinkpad>*References*: <2091574.2kyEmHr34c@thinkpad>

Does GPG use /dev/random? I think so... On my current Linux installation, Debian 7, my pool size is 4096-bits, and my last couple Ubuntus were I think the same. That is a lot. A public key of 4096-bits is like a much shorter symmetric key (~200-bits?), so unless you are generating a bunch of keys, you shouldn't have any problem. The entropy accounting in the kernel is very conservative, and it is an inherently impossible task unless one can precisely characterize the source and the kernel can't. By the time GPG is happy with with the entropy it has drawn, you should be perfectly fine. (Assuming GPG doesn't have some other vulnerability. But is has to be bug free, right?) As for sources of entropy, this has been a moving target. For a while the urandom maintainer was removing every source of entropy he couldn't characterize, which means he was removing nearly everything, which was stupid. More recently sanity as reigned and the idea is that stirring the entropy pool is always a good idea, even with predictable data, so numbers of entropy sources are increasing. But who knows which policy is in your current kernel? In any event, wiggling the mouse and typing stuff has always been used as an entropy source. Drifting off topic, one of my arguments is that on a fast x86 machine where the timestamp counter is running at a GHz-plus rate, and every time an interrupt comes in the count can be sampled and the lowest order bits will contain some entropy. Why? Because a GHz-plus clock is really fast, it is hard to know the precise value of such a clock at any distance--that's why computer hardware doesn't try to distribute that fast a clock any distance, the skew gets too much for synchronous circuits to function. So if you are running a sane kernel and the ethernet driver interrupts are used as an entropy source, just receiving a packet with generate real entropy. (Unfortunately, ARM chips don't have such a high speed counter. Getting entropy off a counter of just a few hundred megahertz isn't as good. It is much easier to know that at a greater distance.) -kb

**Follow-Ups**:**[Discuss] How do I add entropy?***From:*bill.n1vux at gmail.com (Bill Ricker)

**References**:**[Discuss] How do I add entropy?***From:*bill at horne.net (Bill Horne)

- Prev by Date:
**[Discuss] What key lengths are currently adequate?** - Next by Date:
**[Discuss] What key lengths are currently adequate?** - Previous by thread:
**[Discuss] How do I add entropy?** - Next by thread:
**[Discuss] How do I add entropy?** - Index(es):