gnupg and /dev/random
Gergely Budai
thuffir@gmx.de
Fri Mar 28 16:51:00 GMT 2008
Dear Community!
It appears to me that gnupg has always been using /dev/random on cygwin since it's first release (1.0.7-1). AFAIK cygwin is using
CryptGenRandom() for this device. According to Wikipedia, several "significant weaknesses" had been found recently in the Windows
2000 and XP implementation of that function. According to that same Wikipedia article, Microsoft is planning to fix that bug with
the release of SP3 for XP, but not planning (at least did not tell to do so) to fix it for Windows 2000.
Since the presence of a strong cryptographical random function is the prerequisite of cryptography and some of us are sill going to
use Cygwin on Windows 2000 in the future, my question is the following:
Would not it be better to configure the future gnupg cygwin releases not to use /dev/random, but the builtin and specially for
windows developped randomness entropy gatherer (rndw32.c)?
Looking forward to your kind oppinions,
Gergely Budai
Sources:
http://en.wikipedia.org/wiki/CryptGenRandom
More information about the Cygwin-apps
mailing list