On Wed 2018-02-28 16:14:42 +0100, Werner Koch wrote: > On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said: > >> for chroot'd programs that need it on a filesystem mounted nodev. I >> sent some patches awhile back to add arc4random_buf as the entropy >> gathering 'device'. Which I've been using with no problems since. And > > In case you have a problem with scarce entropy you may want to add > > only-urandom > > to /etc/gcrypt/random.conf - in almost all cases this okay for all > libgcrypt users.
On the GNU/Linux platform, /dev/random is basically a legacy interface at this point. See the modern documentation in random(4). /dev/urandom is considered appropriate for all use cases except the early boot. However, GnuPG and gcrypt don't know whether the're being used in the early boot process or not. Therefore, according to random(4) they should be using the getrandom(2) system call with no flags set. Is there any chance that gcrypt will adopt this approach on GNU/Linux systems, or at least make it available so that GnuPG can use it? --dkg
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupgemail@example.com http://lists.gnupg.org/mailman/listinfo/gnupg-users