[Cryptography] In search of random numbers

Theodore Ts'o tytso at mit.edu
Sat Oct 25 17:18:52 EDT 2014


On Sat, Oct 25, 2014 at 12:40:20AM +0200, Hanno Böck wrote:
> > > 
> > > Most SSH keys are generated on first-time boot.
> > 
> > This is dumb.  
> > 
> > This is bad design.
> 
> Do you have a smart alternative? What should these devices do? Pre-load
> them with a key? (I don't particularly like that idea) Tell users they
> need to generate a key on their Desktop for their new Internet of Things
> light switch?

You wait until the first time someone tries to connect to the ssh
port, and generate the ssh key in a just-in-time fashion.

> Basically most exploit-mitigation techniques (aslr, stack canaries)
> these days require some kind of randomness.

So the thing about aslr and stack canaries is that if they aren't
perfectly random for the first boot, it isn't as catastrophic,
especially if you end up rebooting shortly after the initial setup.
But if you generate a bad SSH or SSL key, that tends to last for a
much longer period of time.

BTW, mixing in device personalization information (i.e., MAC
addresses) is useful for making it harder to prevent embarrassingly
easy demonstrations that your system is insecure (because it prevents
using the GCD to find common factors after scanning for all certs from
various printers on the internet, for example).  But it shouldn't be
mistaken for truly fixing the problem.

Cheers,

						- Ted
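The two attacks Ted alludes to, shown as an added example that is not part of his post or of any real device's firmware. It models a hypothetical first-boot key generator whose pool holds only a couple of bits of state when the first prime p is drawn and gathers more entropy before q (the pattern behind the common-factor scans he mentions), runs the pairwise GCD that recovers p from two such certificates, then shows that mixing in a MAC address makes the GCD come up empty while anyone who knows the MAC can still re-derive p by walking the tiny boot-state space. Key sizes (128-bit primes), the pool model, the MAC values and the "uptime jitter" bytes are all constructed for the demonstration.

```python
# Added example (not from the original post): toy first-boot RSA keygen with
# too little entropy, the GCD scan that exposes it, and why MAC mixing only
# hides the symptom.  Key sizes, pool model and device data are constructed.
from __future__ import annotations
import hashlib
import random
from math import gcd
from typing import Optional


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin; witnesses come from a PRNG seeded with n so runs are reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    witnesses = random.Random(n)
    for _ in range(rounds):
        a = witnesses.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(rng: random.Random, bits: int) -> int:
    """Draw odd candidates of exactly `bits` bits from `rng` until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def device_modulus(boot_entropy: int, later_entropy: bytes,
                   mac: Optional[bytes] = None, bits: int = 128) -> int:
    """Hypothetical first-boot keygen: the pool holds only a few bits of boot
    state when p is drawn; more entropy (uptime jitter) arrives before q.
    Devices booting into the same state share p but not q."""
    pool = hashlib.sha256()
    if mac is not None:
        pool.update(mac)                       # per-device, but public, personalization
    pool.update(boot_entropy.to_bytes(2, "big"))
    p = gen_prime(random.Random(int.from_bytes(pool.digest(), "big")), bits)
    pool.update(later_entropy)                 # entropy that only arrives after p
    q = gen_prime(random.Random(int.from_bytes(pool.digest(), "big")), bits)
    return p * q


def fleet_moduli(mix_mac: bool, size: int = 8) -> list[int]:
    """Constructed fleet: only 4 possible boot states, so devices collide on p."""
    moduli = []
    for i in range(size):
        boot = i % 4
        later = b"uptime-jitter-%d" % i                      # unique per device
        mac = bytes([0x02, 0, 0, 0, 0, i]) if mix_mac else None
        moduli.append(device_modulus(boot, later, mac))
    return moduli


def find_shared_factors(moduli: list[int]) -> list[tuple[int, int, int]]:
    """Pairwise GCD over scanned moduli (Internet-scale scans use a batch-GCD product tree)."""
    hits = []
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = gcd(moduli[i], moduli[j])
            if g > 1:
                hits.append((i, j, g))
    return hits


def recover_p_knowing_mac(modulus: int, mac: bytes, boot_states: int = 4) -> Optional[int]:
    """With the MAC mixed in the GCD scan finds nothing, but anyone who knows the
    MAC (it is visible on the LAN) simply re-runs the tiny boot-state space."""
    for boot in range(boot_states):
        pool = hashlib.sha256(mac + boot.to_bytes(2, "big"))
        p = gen_prime(random.Random(int.from_bytes(pool.digest(), "big")), 128)
        if modulus % p == 0:
            return p
    return None


if __name__ == "__main__":
    naive = fleet_moduli(mix_mac=False)
    print("pairs sharing a factor, no MAC mixing:",
          [(i, j) for i, j, _ in find_shared_factors(naive)])
    personalized = fleet_moduli(mix_mac=True)
    print("pairs sharing a factor, MAC mixed in:", find_shared_factors(personalized))
    print("p of device 5 recovered from its MAC alone:",
          recover_p_knowing_mac(personalized[5], bytes([0x02, 0, 0, 0, 0, 5])) is not None)
```

Without MAC mixing, devices 0 and 4 (same boot state) yield different moduli with a common prime, and one gcd call factors both. With the MAC mixed in every modulus is distinct and the scan finds nothing, yet the key space is still four boot states per device: the personalization removes the public embarrassment, not the weakness.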

