[Cryptography] /dev/random is not robust
Alon Ziv
alon-lk at nolaviz.org
Thu Oct 24 01:06:16 EDT 2013
Theodore Ts'o <tytso <at> mit.edu> writes:
>
> On Thu, Oct 17, 2013 at 01:05:52PM -0400, Kent Borg wrote:
> >
> > There are certainly larger system issues, and anyone doing
> > auto-provisioning of servers and generating keys before any entropy
> > has accumulated could get burned. Though to be fair to /dev/random,
> > isn't this a larger Linux distribution issue? Don't automatically
> > generate keys on first boot. RNGs that need seed data should not be
> > run empty.
>
> The major problem which could be considered a "Linux distribution
> issue" is ssh host key generation, which is done by the boot scripts
> if the ssh host keys do not exist. It would be much better if this
> was done on the first TCP connection to the ssh server, but that would
> require changes to sshd.
Can't this be solved (in some distros at least...) by switching SSHD to use
on-demand activation (a la inetd / systemd)? [I know the SSHD manpage claims
this is inadvisable, but I suspect the reason - response "may take tens of
seconds" - is decades out of date even for small devices...]
-a
More information about the cryptography
mailing list