[Secure Coding] master: TLS: More balanced advice on "openssl genrsa" and /dev/urandom (7f640d9)

Repository : http://git.fedorahosted.org/git/?p=secure-coding.git

On branch  : master

>---------------------------------------------------------------

commit 7f640d95375def0979c9f6a12c02cd414fe1eb7e
Author: Florian Weimer <fweimer@xxxxxxxxxx>
Date:   Mon Apr 28 15:41:05 2014 +0200

    TLS: More balanced advice on "openssl genrsa" and /dev/urandom


>---------------------------------------------------------------

 defensive-coding/en-US/Features-TLS.xml |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/defensive-coding/en-US/Features-TLS.xml b/defensive-coding/en-US/Features-TLS.xml
index f4da007..5d9e39d 100644
--- a/defensive-coding/en-US/Features-TLS.xml
+++ b/defensive-coding/en-US/Features-TLS.xml
@@ -190,9 +190,11 @@
 	genrsa</command>, do not ensure that physical entropy is used
 	for key generationâ??they obtain entropy from
 	<filename>/dev/urandom</filename> and other sources, but not
-	from <filename>/dev/random</filename>.  Keys generated by
-	these tools should not be used in high-value, critical
-	functions.
+	from <filename>/dev/random</filename>.  This can result in
+	weak keys if the system lacks a proper entropy source (e.g., a
+	virtual machine with solid state storage).  Depending on local
+	policies, keys generated by these OpenSSL tools should not be
+	used in high-value, critical functions.
       </para>
       <para>
 	The OpenSSL server and client applications (<command>openssl
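
Review bot: The added sentence "Depending on local policies, keys generated by these OpenSSL tools should not be used in high-value, critical functions" gives the reader neither a criterion nor an alternative. It does not say which kind of policy applies, or how a key for such functions should be generated instead. The preceding new sentence already names the actual condition (a system that "lacks a proper entropy source"), so consider tying the recommendation to that condition, for example by advising that such keys be generated on a host with a known-good entropy source, and keeping the policy remark as a secondary qualifier. The parenthetical "a virtual machine with solid state storage" would also benefit from a half-sentence on why that configuration is entropy-poor, since the link between storage type and entropy is not obvious to readers of this guide.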

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
