Date: Fri, 18 Apr 2014 22:00:02 GMT From: Eitan Adler <lists@eitanadler.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds Message-ID: <201404182200.s3IM02PV010776@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/188745; it has been noted by GNATS. From: Eitan Adler <lists@eitanadler.com> To: Kenji Rikitake <kenji@k2r.org> Cc: bug-followup <bug-followup@freebsd.org> Subject: Re: bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds Date: Fri, 18 Apr 2014 14:58:17 -0700 On 17 April 2014 20:51, Kenji Rikitake <kenji@k2r.org> wrote: >>Environment: > FreeBSD minimax.priv.k2r.org 10.0-STABLE FreeBSD 10.0-STABLE #33 r264285: Wed Apr 9 09:25:02 JST 2014 root@minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL amd64 >>Description: > OpenBSD devs report OpenSSL puts RSA private keys as they are for seeding the PRNG. See http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf for the details. > > On 10.0-STABLE, I've found the same practice under /usr/src/crypto/openssl/crypto at: Please see: http://blog.ngas.ch/archives/2014/04/17/what_is_this_private_key_doing_in_my_random_pool/index.html In particular: "So the patch which was committed by the OpenBSD people actually has the potential to weaken the entropy of the OpenSSL random pool, but it was never a security or privacy concern," -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404182200.s3IM02PV010776>