[Cryptography] OpenSSL not using /dev/random (was: Re: /dev/random is not robust)

Sandy Harris sandyinchina at gmail.com
Fri Oct 18 08:12:34 EDT 2013


Patrick Pelletier <code at funwithsoftware.org> wrote:

> On 10/16/13 12:11 PM, Theodore Ts'o wrote:
>
>> ... I recently noticed that on my Debian Testing box,
>> the openssl libcrypto library is apparently not using /dev/urandom or
>> /dev/random by default. ....

> Are you on a machine with the RdRand instruction?  OpenSSL ships with a
> built-in RdRand ENGINE which just uses RdRand and doesn't use OpenSSL's
> random number generator at all.  (And thus needs no entropy.)  ...

Snowden revealed that the NSA does sabotage things for easier
monitoring, OpenSSL would be a prime target, and a plausible
attack on RdRand has been published.
http://threatpost.com/researchers-develop-undetectable-hardware-trojans
http://people.umass.edu/gbecker/BeckerChes13.pdf

random(4) can use RdRand, but it sensibly treats it as only
one of many entropy sources, so even a sabotaged RdRand
is not fatal. I'd say it is quite clear OpenSSL should do that
as well. The simplest way to do that appears to be to use
/dev/random or /dev/urandom.
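The "one of many entropy sources" point above, as an added example that is not from this post, from OpenSSL, or from the Linux random(4) driver: a small mixer that hashes each source's contribution under a length-prefixed label, so a source that is fully predictable (standing in for a sabotaged RdRand) cannot determine the seed as long as at least one other source is good. The source names, the `read_hardware_rng_stub` helper and the SHA-256-with-counter expansion are assumptions made for illustration, not the kernel's or OpenSSL's actual construction.

```python
"""Added example: mixing several entropy sources so that one sabotaged
source cannot control the seed on its own.

Assumptions (not from the original post): sources are modelled as byte
strings with a label; a real system would read /dev/urandom, RDRAND, etc.
The hash-based mixer and the helper names are hypothetical.
"""
import hashlib
import os
from typing import Iterable, Tuple


def mix_sources(sources: Iterable[Tuple[str, bytes]], out_len: int = 32) -> bytes:
    """Combine (label, data) contributions into an out_len-byte seed.

    Each contribution is framed as len(label) || label || len(data) || data
    before hashing, so a source returning attacker-chosen bytes cannot
    impersonate another source by shifting the boundary between them.
    """
    h = hashlib.sha256()
    for label, data in sources:
        lbl = label.encode()
        h.update(len(lbl).to_bytes(2, "big") + lbl)
        h.update(len(data).to_bytes(4, "big") + data)
    seed = h.digest()
    # Counter-mode expansion so callers may ask for more than one digest.
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:out_len]


def read_hardware_rng_stub(n: int) -> bytes:
    """Hypothetical stand-in for a hardware RNG such as RDRAND.

    Deliberately returns all-zero bytes to model the worst case the post
    worries about: an instruction whose output is fully predictable.
    """
    return bytes(n)


def seed_from_system(n: int = 32) -> bytes:
    """Seed from the kernel pool plus the (possibly sabotaged) hardware RNG."""
    return mix_sources([
        ("kernel", os.urandom(n)),
        ("hwrng", read_hardware_rng_stub(n)),
    ], n)


def demonstrate_single_source_failure() -> bool:
    """Predictable hwrng alone gives a repeatable seed; mixed with a good
    source the seed changes. Returns True when both observations hold."""
    bad = read_hardware_rng_stub(32)
    # hwrng alone: two draws produce the same seed, i.e. it is predictable.
    alone_1 = mix_sources([("hwrng", bad)])
    alone_2 = mix_sources([("hwrng", bad)])
    # Constructed sample values standing in for two successive kernel draws.
    good_1 = bytes(range(32))
    good_2 = bytes(range(1, 33))
    mixed_1 = mix_sources([("kernel", good_1), ("hwrng", bad)])
    mixed_2 = mix_sources([("kernel", good_2), ("hwrng", bad)])
    return alone_1 == alone_2 and mixed_1 != mixed_2


if __name__ == "__main__":
    print("mixing defeats a sabotaged source:", demonstrate_single_source_failure())
    print("system seed:", seed_from_system().hex())
```

The framing matters: without the length prefixes, `("ab", b"c")` and `("a", b"bc")` would hash identically, which is exactly the kind of boundary confusion a source under an attacker's control could exploit.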

