[Cryptography] OpenSSL and random
Christian Huitema
huitema at huitema.net
Sun Dec 4 13:40:30 EST 2016
On Saturday, December 3, 2016 11:19 PM, Peter Gutmann wrote:
> ... To get
> per-device unique keys, you don't need strong entropy, just a per-device
> unique value to make sure you don't get repeats. In fact, here's a magic
> trick: A secure SSH key without needing any entropy! [0]
seed = HMAC( fixed_secret, time() || MAC address || IP address || kernel version || ... );
Yes, that works quite well. But it is also an example of "all problems can be solved with one level of indirection". Your formula translates as, to get per-device unique keys, you don't need strong entropy, just ... a unique per device fixed secret. Don't you need some magic to initialize that for the first boot?
-- Christian Huitema
More information about the cryptography
mailing list