Re: entropy gathering daemon
On Fri, 2 Mar 2018 05:20, d...@fifthhorseman.net said:

> Is there any chance that gcrypt will adopt this approach on GNU/Linux
> systems, or at least make it available so that GnuPG can use it?

This is already the case since libgcrypt 1.7.1; /etc/gcrypt/random.conf
was only added with 1.8.0. Note that you can't verify that by watching
for an open of /dev/[u]random - the device will be opened in any case.

Shalom-Salam,

   Werner

--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: entropy gathering daemon
On Wed 2018-02-28 16:14:42 +0100, Werner Koch wrote:
> On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said:
>
>> for chroot'd programs that need it on a filesystem mounted nodev. I
>> sent some patches awhile back to add arc4random_buf as the entropy
>> gathering 'device'. Which I've been using with no problems since. And
>
> In case you have a problem with scarce entropy you may want to add
>
>   only-urandom
>
> to /etc/gcrypt/random.conf - in almost all cases this is okay for all
> libgcrypt users.

On the GNU/Linux platform, /dev/random is basically a legacy interface
at this point. See the modern documentation in random(4). /dev/urandom
is considered appropriate for all use cases except the early boot.

However, GnuPG and gcrypt don't know whether they're being used in the
early boot process or not. Therefore, according to random(4) they
should be using the getrandom(2) system call with no flags set.

Is there any chance that gcrypt will adopt this approach on GNU/Linux
systems, or at least make it available so that GnuPG can use it?

      --dkg
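The getrandom(2) call with no flags that the message above refers to, as an added example that is not part of the original thread and not libgcrypt's code. The helper name fill_random() and the /dev/urandom fallback for kernels without the system call are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>  /* getrandom(2): Linux >= 3.17, glibc >= 2.25 */
#include <unistd.h>

/* fill_random() is a name chosen for this example.
 * Returns 0 when buf holds len random bytes, -1 on error. */
int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        /* flags = 0: urandom-quality output that blocks only until the
         * kernel pool has been initialised once (the early-boot case). */
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   /* signal arrived: retry */
            if (errno == ENOSYS) break;     /* no syscall: fall back */
            return -1;
        }
        p += n;                             /* requests may come back short */
        len -= (size_t)n;
    }
    if (len == 0) return 0;
    /* Fallback needs a device node, so it fails in a chroot on a nodev
     * filesystem, and it does not wait for pool initialisation. */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    while (fd >= 0 && len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        p += n;
        len -= (size_t)n;
    }
    if (fd >= 0) close(fd);
    return len == 0 ? 0 : -1;
}

int main(void)
{
    unsigned char key[16];                  /* constructed sample request */
    if (fill_random(key, sizeof key) != 0) return 1;
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    return puts("") == EOF;
}
```

Because the primary path is a system call, it needs no file descriptor and no device node inside the chroot.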
Re: entropy gathering daemon
On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said:

> for chroot'd programs that need it on a filesystem mounted nodev. I
> sent some patches awhile back to add arc4random_buf as the entropy
> gathering 'device'. Which I've been using with no problems since. And

In case you have a problem with scarce entropy you may want to add

  only-urandom

to /etc/gcrypt/random.conf - in almost all cases this is okay for all
libgcrypt users.

Salam-Shalom,

   Werner
Re: entropy gathering daemon
On Feb 28, 2018 8:22 AM, Werner Koch wrote:
>
> On Sun, 4 Feb 2018 08:44, ed...@pettijohn-web.com said:
>
> > Is it no longer possible to use egd? Most of the info I can find seems
>
> If Libgcrypt has been configured with EGD support this should still
> work. I have not tested it for more than a decade, though.
>
> Why do you want to use it? Which OS does not support /dev/random and
> why don't you want to use the fallback rndunix driver in Libgcrypt?
>
> Shalom-Salam,
>
> Werner
>

I overlooked the configure switches. Got it working. The use case is
for chroot'd programs that need it on a filesystem mounted nodev. I
sent some patches awhile back to add arc4random_buf as the entropy
gathering 'device'. Which I've been using with no problems since. And
it's a little faster than going through the egd.

Thanks,

Edgar
Re: entropy gathering daemon
On Sun, 4 Feb 2018 08:44, ed...@pettijohn-web.com said:

> Is it no longer possible to use egd? Most of the info I can find seems

If Libgcrypt has been configured with EGD support this should still
work. I have not tested it for more than a decade, though.

Why do you want to use it? Which OS does not support /dev/random and
why don't you want to use the fallback rndunix driver in Libgcrypt?

Shalom-Salam,

   Werner
entropy gathering daemon
Is it no longer possible to use egd? Most of the info I can find seems
rather old, and so far I haven't been able to find a way to make it
work. If it is still possible, how do I do it?

Thanks in advance,

Edgar