[Cryptography] OpenSSL and random

Jason Cooper cryptography at lakedaemon.net
Sun Dec 4 09:47:44 EST 2016


On Sun, Dec 04, 2016 at 07:19:04AM +0000, Peter Gutmann wrote:
> Nico Williams <nico at cryptonector.com> writes:
> 
> >For a sufficiently-low number of bits we'd have a number of recognizable SSH
> >host keys and such.  
> 
> That's a good point, but it's conflating entropy with randomisation.  To get
> per-device unique keys, you don't need strong entropy, just a per-device
> unique value to make sure you don't get repeats.  In fact, here's a magic
> trick: A secure SSH key without needing any entropy! [0]
> 
>   seed = HMAC( fixed_secret, time() || MAC address || IP address || kernel version || ... );

It's worth noting here that this will work for individual users with a
simple threat model.  However, this is *not* an acceptable solution for
an OS to ship.

Primarily because there is no current mechanism for putting a
fixed_secret into each download of an OS image.  Which means it will get
dropped, or left the same for everybody for that OS release.

thx,

Jason.
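The seed construction quoted above, written out as an added example (not code from the thread or from either poster) to make the reply's point concrete: when one fixed_secret ships in every image, the seed is a deterministic function of observable fields, whereas a per-install secret drawn from the OS CSPRNG is what actually keeps it secret. The length-prefixed joining of fields, the sample device values and the field-range estimates are assumptions, not anything the post specifies.

```python
import hashlib
import hmac
import math
import os


def derive_seed(fixed_secret: bytes, *fields: bytes) -> bytes:
    """seed = HMAC-SHA256(fixed_secret, f1 || f2 || ...).
    Fields are length-prefixed (an assumption; the post does not say how they
    are joined) so that b"ab"+b"c" and b"a"+b"bc" do not collide."""
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(fixed_secret, msg, hashlib.sha256).digest()


# Constructed sample inputs for one device: time(), MAC, IP, kernel version.
DEVICE_FIELDS = (b"1480844864", b"00:11:22:33:44:55", b"192.0.2.10", b"4.8.0")

# Case 1: the vendor cannot inject a per-download secret, so the same
# fixed_secret ends up in every image (the situation the reply warns about).
SHIPPED_SECRET = b"constructed-secret-identical-in-every-image"


def device_seed_shared_secret() -> bytes:
    return derive_seed(SHIPPED_SECRET, *DEVICE_FIELDS)


def seed_recomputed_from_image_and_observables() -> bytes:
    # Anyone holding the image has SHIPPED_SECRET; time, MAC, IP and kernel
    # version are observable, so the "secret" seed is fully reproducible.
    return derive_seed(SHIPPED_SECRET, *DEVICE_FIELDS)


# Case 2: a per-install secret from the OS CSPRNG at first boot. The
# observable fields still give per-device uniqueness, but the secrecy now
# rests on a 256-bit key that is not in the image.
def device_seed_per_install() -> bytes:
    return derive_seed(os.urandom(32), *DEVICE_FIELDS)


def residual_entropy_bits(field_ranges: dict) -> float:
    """Upper bound on seed entropy once fixed_secret is public: at most log2 of
    the number of distinct field combinations. The ranges passed in are
    constructed estimates, not measurements."""
    return math.log2(math.prod(field_ranges.values()))
```

`residual_entropy_bits` is the accounting behind "you don't need strong entropy": with the secret shipped, whatever entropy remains comes only from the fields.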

