[Ach] Random number generators (was Bug/Ba in OpenSSL)
Ralf Schlatterbeck
rsc at runtux.com
Tue Nov 26 15:49:08 CET 2013
On Tue, Nov 26, 2013 at 01:28:50PM +0100, Adi Kriegisch wrote:
> Hi!
>
> > I still don’t think that we should recommend switching to other RNGs
> > then those provided by the OS. If we do so, please cite why one
> > should do that.
> Actually we're talking about two things here: HAVEGE and haveged: HAVEGE is
> an algorithm and haveged is a Linux/UNIX daemon that injects its entropy
> into the Linux/UNIX entropy pool.
Yes, but haveged is an implementation of the original 2003 HAVEGE
algorithm. And, yes, I agree that this implementation should be used if
we recommend anything. I haven't looked at the code though.
> Switching from /dev/(u)random to something else is ridiculous as a
> recommendation for our paper.
Yes.
> The question is wether it makes sense to suggest using haveged as an
> additional source of entropy on a server.
I think for embedded devices it definitely makes sense to run haveged
for getting more entropy. Sad fact is that OpenSSL doesn't seem to be
configurable to use /dev/random instead of /dev/urandom, otherwise I'd
recommend that too, at least for embedded devices.
> (btw. I checked KVM and XEN on a recent Debian for availability of
> RDRTC in guests and both of them implement that function and *do NOT*
> just return 0 or 1, so there should be at least some entropy comming
> out of haveged...
Thats good news. It would be interesting where the RTC values come from
(from the host kernel?) Note that the kernel RNG also needs a working
clock source.
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office at runtux.com
allmenda.com member email: rsc at allmenda.com
More information about the Ach
mailing list