Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue (564ffc8)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/28/2014 02:36 PM, Tomas Mraz wrote:

diff --git a/defensive-coding/en-US/Features-TLS.xml b/defensive-coding/en-US/Features-TLS.xml
index 936910d..f4da007 100644
--- a/defensive-coding/en-US/Features-TLS.xml
+++ b/defensive-coding/en-US/Features-TLS.xml
@@ -186,6 +186,15 @@
  	verify</command> result in an exit status of zero.
        </para>
        <para>
+	OpenSSL command-line commands, such as <command>openssl
+	genrsa</command>, do not ensure that physical entropy is used
+	for key generation—they obtain entropy from
+	<filename>/dev/urandom</filename> and other sources, but not
+	from <filename>/dev/random</filename>.  Keys generated by
+	these tools should not be used in high-value, critical
+	functions.
+      </para>

This one is quite questionable. We should not make impression
that /dev/urandom is insecure apart from situations where the kernel is
not seeded with entropy.

I tried to word in a way that doesn't give the impression that /dev/urandom is insecure, while still pleasing those who strongly think that long-term key material should be generated from /dev/random.

Of course in case of diskless machines the
entropy seeding of the kernel entropy pool might be very scarce and just
after boot the entropy in the pool might be insufficient. But once the
kernel pool is properly seeded once the generated pseudorandom numbers
are secure. I would say that keys for high-value, critical functions
(but how are these really defined) should not be generated on virtual
machines or diskless routers or similar machines where the entropy
sources are limited.

Is there a way to check in /proc that the kernel has initialized the pool? I know the kernel prints a message. A low value in /proc/sys/kernel/random/entropy_avail does not necessarily mean that no entropy was mixed into the pool.

Is it possible to express that a seeded /dev/urandom is needed as a systemd dependency?

--
Florian Weimer / Red Hat Product Security Team
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux