David Shaw on Thu, 27 Feb 2003 09:01:07 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 12:45:54AM -0500, gabriel rosenkoetter wrote:

> GnuPG doesn't give up doing the trustdb check until it finds 0 keys
> with any relation to you at a some depth. At least, that's my
> understanding.

Either 0 keys found in relation or the value of max-cert-depth is
reached.  The default max-cert-depth is 5.

> > Yes, it's also my impression that this is a cpu-bound process, too.  I
> > really don't understand what it could possibly be doing that it could
> > suck up the cpu of a modern machine for over a minute.  You'd think
> > this would be a fairly simple tree traversal algorithm we all learned
> > back in our computer science classes.
> 
> Well. It's that, PLUS the crypto involved. The latter's what eats
> the cycles, I'd assume.

Correct.  With 1428 keys, and who knows how many signatures, that adds
up to a lot of checking.

> Does this just point to "gcc STILL sucks at optimizing PowerPC"?
> (Quite possible...)

Note that GnuPG has optimized assembly for math operations on most
CPUs... except PowerPC.  The next release (1.2.2) adds PowerPC code.

> Is there any reason not to just remove those keys from my keyring?
> (They're not people I communicate regularly, but I expect the
> rocklinux one at least will get added back in because of Bugtraq.)

You don't need to.  The trick is to make sure that the signatures from
those keys are cached so you don't need to check them every time you
check the trustdb.  Caching all signatures gives you a nice speedy
keyring.  I doubt the Elgamal signatures are the sole cause of the
slowdown, but they hurt a lot more than other uncached signatures.

> You have to go to a pretty great length to create an Elgamal
> signature key, don't you? What would make someone do so?

A few reasons.  Very old alpha versions of GnuPG didn't support DSA,
so Elgamal was the only game in town.  More recently, Elgamal was the
only signature algorithm in GnuPG that could be greater than 1024
bits, as RSA was still patented.  Nowadays, there is no reason to use
it at all, and many reasons NOT to use it.

GnuPG won't generate Elgamal keys any more unless the user specifies
--expert, and then confirms the "are you crazy?  why would you want to
do such a thing?" question.  People still make them.  Unfortunately,
unlike most oddball decisions that people make, this one shoots more
than themselves in the foot.

> >   gpg --no-sig-cache --rebuild-keydb-caches
> > 
> > It'll take a very long time, but that will check and cache the
> > validity of every signature you have on your keyring, including all
> > the deadly Elgamal ones.
> > 
> > After you do that, let me know if --check-trustdb runs any faster.
> 
> Like Walt, I'll let you know tomorrow.

Good.  What that does is check and cache EVERY signature on your
keyring.  Once that is done, there is very little work to do in
building the trustdb.

David

Attachment: pgp5o1JREbMPr.pgp
Description: PGP signature