[Ach] Recomendation on haveged in Bettercrypto chapter 3.3.3

Aaron Zauner azet at azet.org
Wed Apr 29 14:56:37 CEST 2015


Philipp Gühring wrote:
> Well, yes and no. If you are in special situations like e.g. early-boot or
> virtualised systems where the hypervisor does not properly deliver random
> numbers to the guests, then the difference between low entropy and no
> entropy can become dangerous. In the early-boot scenario, havege should
> solve the problem, in the virtualisation scenario, havege might not help
> at all.

How does haveged help in the early-boot scenario? AFAIK haveged seeds
similarily to how the linux kernel seeds entropy (the kernel mechanism
is actually more diverse and much faster).


> Well, it depends on your threat-model. If you create high-value keys like
> root certificates for certification authorities or, can generate high
> costs, then I would suggest to use /dev/random, and make sure, that enough
> entropy is delivered to it. For the average user, /dev/urandom should be
> fine, though. 

Can you explain why that would make sense? To the best of my knowledge
the 'randomness' of random and urandom should be indistinguishable. I'm
absolutely again recommending the use of /dev/random for anything, really.

> I think havege really solves the early-boot problem, and in that alone, I
> would say that it´s useful.

No. The kernel solves this problem very well, in kernelspace not userspace.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150429/5ef34ad8/attachment.sig>

More information about the Ach mailing list