[Cryptography] OpenSSL and random

Ray Dillinger bear at sonic.net
Sun Dec 4 15:16:44 EST 2016



On 12/04/2016 10:40 AM, Christian Huitema wrote:

> to get per-device unique keys, you don't need strong entropy, just ... a unique per device fixed secret. 
> Don't you need some magic to initialize that for the first boot?
> 

And don't you need some magic to ensure that the owner of the machine
is the only one who has access to it?

The problem with anything that comes with the machine (or the OS) is
that it comes FROM someone else.  In fact it comes from ANYONE who has
had control of the machine before you get it or has control of the
OS installation disks before you have them in your hands, because
they may have read them or may have swapped them for something else.

So, no, I don't see this as a good plan.  They're certainly all things
to stir in, but they're not something we can pretend is bits unknown
to all possible adversaries suitable for "credit" to an RNG state.

And I'll reiterate the notion that generating keys, or taking/making
network connections, prior to being fully booted up is ALWAYS a bad
idea.  A machine is not fully booted up before it has RNG state that
can be relied on.

OTOH, the 'live disk' OS for an OS distribution disk could gather
entropy from the local machine for a few seconds before it makes its
first network connection to continue with the install process.

So it should have bits prior to downloading any software, prior to
writing anything at all on the hard drive (even prior to partitioning
the hard drive) and FAR prior to running any of the software it has
downloaded.  And it should have another good random state to save, long
before the new OS boots.

This isn't a good solution unless it's the user whose secrets are to be
protected who does the installation, though, so it's out for all the
portable devices and computers that come with OS preinstalled.  And
that's the vast majority of devices.


				Bear
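
The distinction drawn in the message above, between material that is only stirred in and material that earns "credit", is sketched below as an added example; it is not code from the post, from OpenSSL or from any kernel. BootPool, its 256-bit threshold, the 4-bit-per-sample estimate and all sample values are constructed assumptions, and the hash construction is a toy model, not a production RNG.

```python
import hashlib

class BootPool:
    """Toy seed pool that keeps mixing and crediting separate (hypothetical)."""
    SEED_BITS = 256  # assumed credit required before any output is allowed

    def __init__(self):
        self._state = hashlib.sha256(b"boot-pool-model").digest()
        self.credited_bits = 0

    def _absorb(self, data: bytes) -> None:
        framed = len(data).to_bytes(4, "big") + data  # length-prefix each input
        self._state = hashlib.sha256(self._state + framed).digest()

    def stir(self, data: bytes) -> None:
        # Factory secrets, serial numbers, install-media seeds: anyone who held
        # the machine or the disks may know them, so they earn zero credit.
        self._absorb(data)

    def add_local(self, sample: bytes, est_bits: int) -> None:
        # Samples gathered on this machine, credited with a conservative estimate.
        self._absorb(sample)
        self.credited_bits = min(self.SEED_BITS, self.credited_bits + est_bits)

    def ready(self) -> bool:
        return self.credited_bits >= self.SEED_BITS

    def generate(self, n: int) -> bytes:
        if not self.ready():
            raise RuntimeError("RNG not seeded: no keys, no network connections")
        blocks = (n + 31) // 32
        out = b"".join(hashlib.sha256(self._state + b"out" + i.to_bytes(4, "big")).digest()
                       for i in range(blocks))
        self._absorb(b"ratchet")  # advance state so the next output differs
        return out[:n]

def simulate_first_boot():
    pool = BootPool()
    pool.stir(b"CONSTRUCTED-factory-secret")  # constructed sample value
    pool.stir(b"CONSTRUCTED-serial-0001")     # constructed sample value
    try:
        pool.generate(32)                     # early key generation attempt
        early_key_allowed = True
    except RuntimeError:
        early_key_allowed = False
    for i in range(64):                       # constructed stand-ins for local samples
        pool.add_local(i.to_bytes(8, "big"), est_bits=4)
    key = pool.generate(32)
    return early_key_allowed, pool.ready(), len(key)
```
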

