[Ach] Random number generators (was Bug/Ba in OpenSSL)
Ralf Schlatterbeck
rsc at runtux.com
Wed Nov 27 08:27:44 CET 2013
On Tue, Nov 26, 2013 at 03:54:16PM +0100, Aaron Zauner wrote:
>
> On 26 Nov 2013, at 15:49, Ralf Schlatterbeck <rsc at runtux.com> wrote:
> > I think for embedded devices it definitely makes sense to run haveged
> > for getting more entropy. Sad fact is that OpenSSL doesn't seem to be
> > configurable to use /dev/random instead of /dev/urandom, otherwise I'd
> > recommend that too, at least for embedded devices.
>
> Configuring OpenSSL to use /dev/random on embedded devices would
> render OpenSSL useless and any service that relies on it. Just do a
> cat on random to see that there will almost nothing coming out of
> /dev/random on embedded devices. _This_is_a_blocking_operation_.
Which tells us that the random numbers we get when using /dev/urandom
are unusable for cryptographic purposes.
Seriously.
Which leads us back to methods for inserting additional entropy into the
Linux RNG.
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office at runtux.com
allmenda.com member email: rsc at allmenda.com
More information about the Ach
mailing list