
Re: generating gpg keys



Jason Gunthorpe <jgg@gpu.srv.ualberta.ca> writes:

> On Wed, 8 Jul 1998, Hamish Moffatt wrote:
> 
> > On generating gpg keys, how can one go about getting enough entropy on
> > one's own machine? 

Odd, in the past I just moved the mouse around a bit and that was enough.
I was still able to create a 2048 bit key fairly easily just now.

> > gpg is unable to lock memory hence
> I got this warning on linux (2.0.34) too :<

This means gpg isn't installed setuid root. Which means it has no way to
prevent key data from being paged out to swap. Of course the "classic" pgp
doesn't even try to deal with this problem so you're no worse off. 

Basically if you don't trust the sysadmins of the machines, you're in trouble
anyways (they could be eavesdropping on the terminal for your password). The
main danger here is that future compromises may be able to recover key data.

greg
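
The memory-locking behaviour discussed in the message above, as an added example that is not part of the original post and is not GnuPG's own code: a program pins its key buffer with `mlock()`, warns and carries on if the lock is refused, and drops setuid privilege once the lock attempt is done. The names `pool`, `POOL_SIZE`, `secmem_init` and `secmem_term` and the 4 KiB pool size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define POOL_SIZE 4096  /* assumed pool size: one 4 KiB page */

/* Hypothetical pool for key material, aligned so mlock() covers exactly it. */
static unsigned char pool[POOL_SIZE] __attribute__((aligned(POOL_SIZE)));
static int pool_locked;  /* 1 = pinned in RAM, 0 = may be paged out to swap */

/* Try to pin the pool, then give up any setuid privilege. Returns 1 if locked,
 * 0 if usable but swappable, -1 if privileges could not be dropped. */
int secmem_init(void)
{
    struct rlimit rl = {0, 0};
    getrlimit(RLIMIT_MEMLOCK, &rl);
    pool_locked = (mlock(pool, sizeof pool) == 0);
    if (!pool_locked)  /* EPERM: no privilege to lock; ENOMEM: over the limit */
        fprintf(stderr, "warning: using insecure memory: %s (euid=%ld, "
                "RLIMIT_MEMLOCK=%llu)\n", strerror(errno), (long)geteuid(),
                (unsigned long long)rl.rlim_cur);
    /* Root was only needed for mlock: drop it before handling any input. */
    if (geteuid() != getuid() && setuid(getuid()) != 0)
        return -1;
    return pool_locked;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void secmem_term(void)
{
    volatile unsigned char *p = pool;
    for (size_t i = 0; i < sizeof pool; i++) p[i] = 0;
    if (pool_locked) munlock(pool, sizeof pool);
    pool_locked = 0;
}

int main(void)
{
    int st = secmem_init();
    memcpy(pool, "constructed-secret", 18);  /* constructed sample data */
    printf("pool locked: %s\n", st == 1 ? "yes" : "no");
    secmem_term();
    return st < 0;
}
```

On Linux 2.6.9 and later an unprivileged process may lock up to `RLIMIT_MEMLOCK`, so the warning path is taken only when that limit is zero or smaller than the pool.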

