From owner-freebsd-current Sun Jul 16 15: 0:47 2000 Delivered-To: freebsd-current@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 2C67237B7A8; Sun, 16 Jul 2000 15:00:45 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA86441; Sun, 16 Jul 2000 15:00:45 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 16 Jul 2000 15:00:44 -0700 (PDT) From: Kris Kennaway To: Mark Murray Cc: Bill Fumerola , current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak In-Reply-To: <200007161942.VAA04096@grimreaper.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 16 Jul 2000, Mark Murray wrote: > > On Sun, Jul 16, 2000 at 08:26:44PM +0200, Mark Murray wrote: > > > > > Gotcha - fix coming; I need to stash some randomness at shutdown time, and > > > use that to reseed the RNG at reboot time. > > > > ... and for installations where ssh-keygen is run the first time > > the system boots? > > The situation is _worse_; the entropy is minimal, and is _very_ attackable. ssh-keygen should just block until it gets enough - this is not acceptable behaviour if /dev/urandom is returning unseeded data. OpenSSL uses /dev/urandom at the moment - I just read a comment in md_rand.c that using /dev/random may block, which I didn't think was true. On the other hand, doing a dd if=/dev/random of=/dev/null gives me infinite "randomness" at 10MB/sec - have the semantics of /dev/random changed? Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message