[Cryptography] In search of random numbers
hanno at hboeck.de
Fri Oct 24 18:40:20 EDT 2014
Am Fri, 24 Oct 2014 11:02:51 -0700
schrieb Bear <bear at sonic.net>:
> On Fri, 2014-10-24 at 06:46 +0200, Stephan Neuhaus wrote:
> > On 2014-10-24 02:09, Tom Mitchell wrote:
> > > What "early" needs are there for entropy?
> > Most SSH keys are generated on first-time boot.
> This is dumb.
> This is bad design.
Do you have a smart alternative? What should these devices do? Pre-load
them with a key? (I don't particularly like that idea) Tell users they
need to generate a key on their Desktop for their new Internet of Things
> We don't need to be providing early boot-time entropy;
> we need to be educating people that any design which
> requires early boot-time entropy is a mistake.
Basically most exploit-mitigation techniques (aslr, stack canaries)
these days require some kind of randomness. Sequence numbers should be
random. There are a number of reasons in-kernel and early boot
processes need good randomness.
mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the cryptography