Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention "openssl genrsa" entropy issue (564ffc8)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/28/2014 03:31 PM, Tomas Mraz wrote:

What about this version?  Do you think it's sufficiently balanced?

         <para>
	OpenSSL command-line commands, such as <command>openssl
	genrsa</command>, do not ensure that physical entropy is used
	for key generation—they obtain entropy from
	<filename>/dev/urandom</filename> and other sources, but not
	from <filename>/dev/random</filename>.  This can result in
	weak keys if the system lacks a proper entropy source (e.g., a
	virtual machine with solid state storage).  Depending on local
	policies, keys generated by these OpenSSL tools should not be
	used in high-value, critical functions.
        </para>

OK, that's better.

Thanks.

Is there a way to check in /proc that the kernel has initialized the
pool?  I know the kernel prints a message.  A low value in
/proc/sys/kernel/random/entropy_avail does not necessarily mean that no
entropy was mixed into the pool.

Unfortunately I do not know of such way. Perhaps this should be added as
additional /proc value?

Hmm, that could make sense.

On the other hand, blocking until entropy is available could result in
preventing system startup because nothing is running that would trigger
entropy production.

Yes, but having indicative /proc value shouldn't really harm.

There's now a discussion upstream: <https://lkml.org/lkml/2014/4/28/494>

--
Florian Weimer / Red Hat Product Security Team
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux