[Cryptography] randomness +- entropy

Theodore Ts'o tytso at mit.edu
Tue Nov 5 22:18:50 EST 2013


On Tue, Nov 05, 2013 at 07:04:27PM -0800, Watson Ladd wrote:
> Furthermore, plenty of programs like gpg and OpenSSH would use it, and those
> are the important ones where lack of randomness can hurt very badly.

gpg is already using /dev/random, which blocks.  So it's not a problem
today.

ssh-keygen is using /dev/urandom, which can be problematic since host
keys tend to get generated way too early.

> And in the current situation the engineers and product managers have
> no idea if the kernel
> is collecting enough entropy.

Well, with the printk, the engineers will know that there's a problem.
More importantly, end users who get access to the dmesg logs will
know, and thus apply pressure (or fix the problem in Cyanogenmod :-).

I'm not against providing a programmatic way for programs to determine
whether /dev/urandom has been initialized, or even blocking until it's
been initialized.  I just disbelieve that the critical applications
will use such an interface.  Maybe I'm being too pessimistic about the
fundamental laziness of most product engineers.  But in general, it's
hard to overestimate people being lazy...

Regards,

						- Ted

