[Cryptography] OpenSSL and random

Christian Huitema huitema at huitema.net
Sun Dec 4 13:40:30 EST 2016


On Saturday, December 3, 2016 11:19 PM, Peter Gutmann wrote:
> ... To get
> per-device unique keys, you don't need strong entropy, just a per-device
> unique value to make sure you don't get repeats.  In fact, here's a magic
> trick: A secure SSH key without needing any entropy! [0]

  seed = HMAC( fixed_secret, time() || MAC address || IP address || kernel version || ... );

Yes, that works quite well. But it is also an example of "all problems can be solved with one level of indirection". Your formula translates as, to get per-device unique keys, you don't need strong entropy, just ... a unique per device fixed secret. Don't you need some magic to initialize that for the first boot?

-- Christian Huitema


 




More information about the cryptography mailing list