On 06/08/2014 03:48 PM, Pavel Kankovsky wrote:
etc... but "OpenSSL pitfalls" in defensive-coding/en-US/Features-TLS.xml warns that OpenSSL command-line commands, such as <command>openssl genrsa</command>, do not ensure that physical entropy is used for key generation--they obtain entropy from <filename>/dev/urandom</filename> and other sources, but not from <filename>/dev/random</filename>. This can result in weak keys if the system lacks a proper entropy source (e.g., a virtual machine with solid state storage). Depending on local policies, keys generated by these OpenSSL tools should not be used in high-value, critical functions. I think such warning (and perhaps an advice to use -randfile /dev/random?) should be reflected in documents telling people to use openssl genrsa et al. to generate keys.
"-randfile /dev/random" hopefully does not offer any real benefit.
Come to think of it, maybe it would also be a good idea to patch these commands to print the warning when they are used to generate new keys without a good source of entropy.
Currently, there is no non-blocking way to detect that the kernel pool has been initialized. I proposed a patch to add a variable under /proc/sys, but that wasn't accepted. There have been some recent discussions on the kernel and systemd side, but no one feels responsible, so there hasn't been any actual progress.
-- Florian Weimer / Red Hat Product Security Team -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
