[Ach] Recomendation on haveged in Bettercrypto chapter 3.3.3
Aaron Zauner
azet at azet.org
Wed Apr 29 19:38:10 CEST 2015
Hi,
Manuel Kraus wrote:
> Ever watched "/proc/sys/kernel/random/entropy_avail" over some time?
>
> The fluctuation of that value on a busy system speaks for itself.
>
> At least to me, well, wearing just a sysadmin hat too. ;-)
>
I'm not sure what your system does but if it's not producing thousands
of one-time-pads per second you're well off with the entropy that you see.
People seem to think that entropy magically makes their crypto more
secure. This is not the case in the way crypto primitives use randomness
sources on modern operating systems. Please see `man 4 random` for more
details (don't believe the manpage w.r.t. using random for /some/
things, though - use urandom).
Let me quote these paragraphs:
```
The kernel random-number generator is designed to produce
a small amount of high-quality seed material to seed a
cryptographic pseudo-random number generator (CPRNG). It
is designed for security, not speed, and is poorly suited
to generating large amounts of random data. Users should
be very economical in the amount of seed material that
they read from /dev/urandom (and /dev/random); unnecessar-
ily reading large quantities of data from this device will
have a negative impact on other users of the device.
The amount of seed material required to generate a crypto-
graphic key equals the effective key size of the key. For
example, a 3072-bit RSA or Diffie-Hellman private key has
an effective key size of 128 bits (it requires about 2^128
operations to break) so a key generator only needs 128
bits (16 bytes) of seed material from /dev/random.
While some safety margin above that minimum is reasonable,
as a guard against flaws in the CPRNG algorithm, no cryp-
tographic primitive available today can hope to promise
more than 256 bits of security, so if any program reads
more than 256 bits (32 bytes) from the kernel random pool
per invocation, or per reasonable reseed interval (not
less than one minute), that should be taken as a sign that
its cryptography is not skilfully implemented.
```
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150429/244cae26/attachment.sig>
More information about the Ach
mailing list