There has been a number of studies (http://www.2uo.de/myths-about-urandom ; I don't agree with everything but interesting reading anyway) showing that entropy from Linux random is not better than from urandom (once urandom has been properly seeded). For this reason, I patched my rndlinux.c GnuPG source code file to always use urandom. Makes key generation instantaneous.
When a software is stupid, I don't want to install additional stupid software or comply with stupid instructions; I simply patch it.
I think that on linux, you ideally don't want /dev/urandom, you want a recent kernel and getrandom(buf, len, 0). From the manpage:
If the GRND_RANDOM bit is not set, then the /dev/urandom pool
will be used. Unlike using read(2) to fetch data from
/dev/urandom, if the urandom pool has not been sufficiently
initialized, getrandom(2) will block (or return -1 with the
errno set to EAGAIN if the GRND_NONBLOCK bit is set in flags).
Then again, that's probably not important if you interactively launch gpg on a desktop system that wasn't just installed a minute ago or so.
reply