On 04/28/2014 03:31 PM, Tomas Mraz wrote:
What about this version? Do you think it's sufficiently balanced?
<para>
OpenSSL command-line commands, such as <command>openssl
genrsa</command>, do not ensure that physical entropy is used
for key generation—they obtain entropy from
<filename>/dev/urandom</filename> and other sources, but not
from <filename>/dev/random</filename>. This can result in
weak keys if the system lacks a proper entropy source (e.g., a
virtual machine with solid state storage). Depending on local
policies, keys generated by these OpenSSL tools should not be
used in high-value, critical functions.
</para>
OK, that's better.
Thanks.
Is there a way to check in /proc that the kernel has initialized the
pool? I know the kernel prints a message. A low value in
/proc/sys/kernel/random/entropy_avail does not necessarily mean that no
entropy was mixed into the pool.
Unfortunately I do not know of such way. Perhaps this should be added as
additional /proc value?
Hmm, that could make sense.
On the other hand, blocking until entropy is available could result in
preventing system startup because nothing is running that would trigger
entropy production.
Yes, but having indicative /proc value shouldn't really harm.
There's now a discussion upstream: <https://lkml.org/lkml/2014/4/28/494>
--
Florian Weimer / Red Hat Product Security Team
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
