From tookmund at gmail.com Thu Jul 26 16:35:12 2018
From: tookmund at gmail.com (Jacob Adams)
Date: Thu, 26 Jul 2018 11:35:12 -0400
Subject: [Pki-clean-room-devel] Entropy gathering
In-Reply-To: <87po4nq77m.fsf@fifthhorseman.net>
References: <87po4nq77m.fsf@fifthhorseman.net>
Message-ID:

On 03/02/2018 02:15 AM, Daniel Kahn Gillmor wrote:
> Hi Rebecca--
>
> On Thu 2018-03-01 22:42:05 +0000, Rebecca N. Palmer wrote:
>> I did that, and it took ~10min of random typing to generate 4xrsa4096,
>> at an explicit "We need to generate a lot of random bytes" GPG prompt,
>> so it appears to me that GPG does wait for entropy and hence this isn't
>> a security problem.
>
> This is not a security problem. However, it *is* a usability problem
> for GnuPG. GnuPG does not need to block for as long as it did here, and
> the fact that it's blocking for /dev/random indicates a problem for
> the usability of pki-clean-room. :/
>
> I've just asked on gnupg-users at gnupg.org about any plans to move to the
> more modern interfaces described in random(4), which should hopefully
> address this usability concern.
>
>> (This was done in my stretch-based cleanroom described at
>> https://lists.debian.org/debian-security/2018/02/msg00012.html , which
>> unlike this repository's, does *not* include haveged. My hardware has
>> RDRAND, but I don't know whether anything was using it.)
>
> I don't think you need to worry about the integrity of the key you
> generated with that setup.
>
> I *do* think we need to address the implications of this workflow for
> pki-clean-room, though. It's already pretty tough to get started with
> anything like pki-clean-room. If the user has to bang meaninglessly on
> a keyboard for ~10 minutes to use the thing in the first place, I
> believe that will turn people off.
>
> Bad usability is bad security, because people simply won't use the
> security tools that have bad usability in the first place. They'll
> resort to whatever they were using before.
Apologies for digging up an old thread, but this issue has become relevant again as part of my Google Summer of Code project: https://salsa.debian.org/tookmund-guest/pgpcr/issues/16

I've installed rng-tools5: https://packages.debian.org/stretch/rng-tools5

But it requires newer hardware than the minimum that I want the program to support, and so doesn't solve the problem for everyone.

Haveged seems like a good solution in theory, but seems to have some issues in practice (see http://jakob.engbloms.se/archives/1374 or https://crypto.stackexchange.com/a/8088 ).

Are there any other approaches I've missed here to try and solve this problem?

Thanks,
Jacob
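The thread turns on two facts a practitioner will want to check on a given clean-room host before choosing between rng-tools, haveged or just waiting: whether the CPU exposes RDRAND/RDSEED (what rngd needs in the absence of a /dev/hwrng device), and whether the legacy /dev/random entropy estimate, which is what GnuPG blocked on here, is what is actually low, as opposed to the kernel CRNG being uninitialised (the only condition under which the getrandom(2) interface from random(4) blocks). The script below is an added example for this thread, not code from pki-clean-room, pgpcr, GnuPG or any of the thread's authors. It assumes a Linux host with the /proc paths and getrandom(2) semantics documented in random(4); the cpuinfo sample, the `low_water` threshold and the report field names are constructed for the example.

```python
"""Report what GnuPG's key generation will find on this host:
hardware RNG instructions, the legacy pool estimate, and CRNG state.

Added example for the pki-clean-room entropy thread; not project code.
Assumes Linux /proc paths and getrandom(2) as described in random(4).
"""
import os

PROC_CPUINFO = "/proc/cpuinfo"
PROC_ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
PROC_POOLSIZE = "/proc/sys/kernel/random/poolsize"
HWRNG_DEVICE = "/dev/hwrng"

# CPU flags that rngd can feed the pool from without a /dev/hwrng device.
HW_RNG_FLAGS = ("rdrand", "rdseed")

# Constructed /proc/cpuinfo excerpt (not captured from a real machine).
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Example CPU\n"
    "flags\t\t: fpu vme sse2 rdrand rdseed\n"
)


def parse_cpuinfo_flags(text):
    """Return the set of feature flags from a /proc/cpuinfo dump."""
    flags = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def hardware_rng_flags(flags):
    """Which of rdrand/rdseed the CPU advertises, in HW_RNG_FLAGS order."""
    return [f for f in HW_RNG_FLAGS if f in flags]


def entropy_state(entropy_avail, poolsize, low_water=256):
    """Classify the legacy entropy estimate that /dev/random blocks on.
    low_water (bits) is an arbitrary choice for this example."""
    if entropy_avail is None or poolsize is None:
        return "unknown"
    if entropy_avail < low_water:
        return "low"
    if entropy_avail >= poolsize:
        return "full"
    return "ok"


def pool_initialized():
    """True once the kernel CRNG is seeded. Per random(4), getrandom()
    with GRND_NONBLOCK fails with EAGAIN only before initialisation;
    after that it never blocks, unlike /dev/random. None = can't tell."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def _read_int(path):
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def diagnose(cpuinfo_text=None, entropy_avail=None, poolsize=None,
             hwrng_device=None):
    """Build the report. Every argument defaults to the live host value;
    pass explicit values to evaluate a saved /proc dump instead."""
    if cpuinfo_text is None:
        try:
            with open(PROC_CPUINFO) as f:
                cpuinfo_text = f.read()
        except OSError:
            cpuinfo_text = ""
    if entropy_avail is None:
        entropy_avail = _read_int(PROC_ENTROPY_AVAIL)
    if poolsize is None:
        poolsize = _read_int(PROC_POOLSIZE)
    if hwrng_device is None:
        hwrng_device = os.path.exists(HWRNG_DEVICE)
    sources = hardware_rng_flags(parse_cpuinfo_flags(cpuinfo_text))
    if hwrng_device:
        sources.append(HWRNG_DEVICE)
    return {
        "rngd_sources": sources,        # empty => rng-tools5 has nothing to use
        "entropy_avail": entropy_avail,
        "poolsize": poolsize,
        "entropy_state": entropy_state(entropy_avail, poolsize),
        "crng_initialized": pool_initialized(),
    }


if __name__ == "__main__":
    for key, value in diagnose().items():
        print("%-18s %s" % (key, value))
```

Run it on the clean-room image itself: an empty `rngd_sources` list is the case Jacob describes where rng-tools5 cannot help, while `crng_initialized: True` alongside `entropy_state: low` is the situation DKG is pointing at, where a consumer using getrandom() without GRND_RANDOM would proceed immediately but a /dev/random reader waits for the estimate to refill.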