Date: Sun, 16 Jul 2000 15:00:44 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Mark Murray <mark@grondar.za> Cc: Bill Fumerola <billf@chimesnet.com>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <Pine.BSF.4.21.0007161454540.85469-100000@freefall.freebsd.org> In-Reply-To: <200007161942.VAA04096@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 16 Jul 2000, Mark Murray wrote:
> > On Sun, Jul 16, 2000 at 08:26:44PM +0200, Mark Murray wrote:
> >
> > > Gotcha - fix coming; I need to stash some randomness at shutdown time, and
> > > use that to reseed the RNG at reboot time.
> >
> > ... and for installations where ssh-keygen is run the first time
> > the system boots?
>
> The situation is _worse_; the entropy is minimal, and is _very_ attackable.
ssh-keygen should just block until it gets enough - this is not acceptable
behaviour if /dev/urandom is returning unseeded data. OpenSSL uses
/dev/urandom at the moment - I just read a comment in md_rand.c that using
/dev/random may block, which I didn't think was true.
On the other hand, doing a dd if=/dev/random of=/dev/null gives me
infinite "randomness" at 10MB/sec - have the semantics of /dev/random
changed?
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007161454540.85469-100000>