Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue (564ffc8)

Tomas Mraz <tmraz@xxxxxxxxxx> · Mon, 28 Apr 2014 14:36:36 +0200

On Pá, 2014-04-25 at 14:33 +0000, fweimer@xxxxxxxxxxxxxxxxx wrote:
> Repository : http://git.fedorahosted.org/git/?p=secure-coding.git
> 
> On branch  : master
> 
> >---------------------------------------------------------------
> 
> commit 564ffc80149307d0a99724e2689ed3a8816513bf
> Author: Florian Weimer <fweimer@xxxxxxxxxx>
> Date:   Fri Apr 25 13:47:22 2014 +0200
> 
>     sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue
> 
> 
> >---------------------------------------------------------------
> 
>  defensive-coding/en-US/Features-TLS.xml |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)
> 
> diff --git a/defensive-coding/en-US/Features-TLS.xml b/defensive-coding/en-US/Features-TLS.xml
> index 936910d..f4da007 100644
> --- a/defensive-coding/en-US/Features-TLS.xml
> +++ b/defensive-coding/en-US/Features-TLS.xml
> @@ -186,6 +186,15 @@
>  	verify</command> result in an exit status of zero.
>        </para>
>        <para>
> +	OpenSSL command-line commands, such as <command>openssl
> +	genrsa</command>, do not ensure that physical entropy is used
> +	for key generation—they obtain entropy from
> +	<filename>/dev/urandom</filename> and other sources, but not
> +	from <filename>/dev/random</filename>.  Keys generated by
> +	these tools should not be used in high-value, critical
> +	functions.
> +      </para>

This one is quite questionable. We should not make impression
that /dev/urandom is insecure apart from situations where the kernel is
not seeded with entropy. Of course in case of diskless machines the
entropy seeding of the kernel entropy pool might be very scarce and just
after boot the entropy in the pool might be insufficient. But once the
kernel pool is properly seeded once the generated pseudorandom numbers
are secure. I would say that keys for high-value, critical functions
(but how are these really defined) should not be generated on virtual
machines or diskless routers or similar machines where the entropy
sources are limited.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security