-----BEGIN PGP SIGNED MESSAGE----- Subject: Using /dev/random for PGP key generation? Be Wary I have created a modified version of pgpi for use with a hardware random number generators. Recently, there has been some confusion because people have assumed that I wished people to use this version with NOISE.SYS or an RNG that gathers entropy from timing events called /dev/random. I did indeed mention /dev/random in the readme file, but I did this only because I thought /dev/random would be a likely path for a hardware RNG on a unix system. ( I have never tested this software under unix, but I see no reason why the "RNGDRIVER" feature of the modified PGPI would not work under unix.) Be assured that I originally planed the modification to be used with a real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in RNG810.ZIP available at ftp.cdrom.com. You may be able to compile and run it under other OSes as well. I see no reason why not. It is my understanding that NOISE.SYS gathers entropy from timing certain events. I have recently learned that a /dev/random works under Linux also by gathering entropy from timing. I am unsure about using my modification, together with these drivers that are not connected to a real hardware RNG. In what way would the use of these drivers' methods of gathering entropy be superior to PGP's method of getting entropy from keyboard timing? If you choose to do something like this, you should think carefully and make a careful study of the code. One thought for the future: It would be nice if BBS'es that run unattended could have a version of pgp that they could run without worrying about running out of entropy! (Because no one is there to type on the keyboard.) Perhaps something like NOISE.SYS (that would get entropy from the COM ports) put together with my mod to pgpi could be made to work. But careful thought an careful design should be done first. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: cp850 iQCVAgUBMR63hs29s2mG+tTVAQFyKwP+Mh95ZNwwrBF+UjEKlEcfaiWY5ab8NthC b3j4cmv9PUXLrCM4DUH2iXtY2f9YNN9GsWT1S1Eu2b0368VBkQTm1+eWcKiDVmlB DumNmt4rZPhYam7wc/5gyGdIyzhGJBeJ0ZOP1kd4w0TfLsDprwKGOD1a0N7T3Ycz gFqBX34x59s= =MDXi -----END PGP SIGNATURE-----