[Ach] Random number generators (was Bug/Ba in OpenSSL)

Ralf Schlatterbeck rsc at runtux.com
Wed Nov 27 08:27:44 CET 2013

On Tue, Nov 26, 2013 at 03:54:16PM +0100, Aaron Zauner wrote:
> On 26 Nov 2013, at 15:49, Ralf Schlatterbeck <rsc at runtux.com> wrote:
> > I think for embedded devices it definitely makes sense to run haveged
> > for getting more entropy. Sad fact is that OpenSSL doesn't seem to be
> > configurable to use /dev/random instead of /dev/urandom, otherwise I'd
> > recommend that too, at least for embedded devices.
> Configuring OpenSSL to use /dev/random on embedded devices would
> render OpenSSL useless and any service that relies on it. Just do a
> cat on random to see that there will almost nothing coming out of
> /dev/random on embedded devices. _This_is_a_blocking_operation_.

Which tells us that the random numbers we get when using /dev/urandom
are unusable for cryptographic purposes.


Which leads us back to methods for inserting additional entropy into the
Linux RNG.

Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office at runtux.com
allmenda.com member                     email: rsc at allmenda.com

More information about the Ach mailing list