[Cryptography] Entropy Needed for SSH Keys?
Alexander Klimov
alserkli at inbox.ru
Sun May 22 12:19:03 EDT 2016
On Sat, 21 May 2016, Kent Borg wrote:
> Embedded devices are frequently starved for entropy, and frequently want to
> generate SSH keys on first boot when the entropy might be in particularly
> short supply.
>
> How much entropy does modern openssh key generation need?
>
> In a case I am playing with I want my own 512-bits of entropy after the ssh
> keys are generated. If I can come up with a nice plump 4096-bits at boot
> (common pool size these days for Linux urandom), and then generate the ssh
> keys, how many bits will be left over?
The proper design is to use a TRNG to seed a DRBG (aka PRNG) and use only
the DRBG for crypto purposes. The idea that the entropy of the DRBG state can be
lost due to its use is misleading. Once you have enough bits to seed
the DRBG (say, 384 bits for 256-bit security) you can use the DRBG to
generate all the keys you need.

The only reason one may want to reseed the DRBG (by getting more bits from
the TRNG) is if he is afraid that someone learned the DRBG state (say, by
reading kernel memory). I guess it is not your case.
--
Regards,
ASK
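
The seed-once design described in the message above, as an added example that is not part of the original post: a minimal HMAC_DRBG with SHA-256, following the construction in NIST SP 800-90A, seeded a single time with 384 bits and then used for every key. The names `HmacDrbg` and `first_boot`, the use of `os.urandom` as a stand-in for the TRNG, and the 32-byte and 64-byte output sizes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SEED_BYTES = 48  # 384 bits, the seed size quoted in the message

class HmacDrbg:
    """Minimal HMAC_DRBG (SHA-256) in the style of NIST SP 800-90A."""

    def __init__(self, seed: bytes):
        if len(seed) < SEED_BYTES:
            raise ValueError("need at least 384 bits of seed material")
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    def _mac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        self.K = self._mac(self.K, self.V + b"\x00" + data)
        self.V = self._mac(self.K, self.V)
        if data:  # second round only when new material is mixed in
            self.K = self._mac(self.K, self.V + b"\x01" + data)
            self.V = self._mac(self.K, self.V)

    def reseed(self, fresh: bytes) -> None:
        # Only needed if the internal state may have been disclosed.
        self._update(fresh)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.V = self._mac(self.K, self.V)
            out += self.V
        self._update()  # advance the state so earlier output cannot be recomputed
        return out[:n]

def first_boot(seed: bytes):
    """Seed once, then draw every secret from the same DRBG (sizes are assumptions)."""
    drbg = HmacDrbg(seed)
    host_key_seed = drbg.generate(32)  # e.g. input for a host key
    app_secret = drbg.generate(64)     # the 512 bits wanted afterwards
    return host_key_seed, app_secret

if __name__ == "__main__":
    seed = os.urandom(SEED_BYTES)  # assumption: stands in for TRNG output
    host, app = first_boot(seed)
    print(len(host) * 8, "bit host key seed,", len(app) * 8, "bit app secret")
```
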