[Cryptography] Entropy Needed for SSH Keys?
Hanno Böck
hanno at hboeck.de
Sun May 22 18:27:59 EDT 2016
On Sat, 21 May 2016 12:55:31 -0400
Kent Borg <kentborg at borg.org> wrote:
> Embedded devices are frequently starved for entropy, and frequently
> want to generate SSH keys on first boot when the entropy might be in
> particularly short supply.
This is a real problem, Nadia Heninger and others found countless
devices producing breakable keys due to this:
https://factorable.net/
> How much entropy does modern openssh key generation need?
~128 bits of entropy are enough for everything with a reasonable
safety margin. (As long as you can be sure that your 128 bits are really
random. If you are not add some more.)
> In a case I am playing with I want my own 512-bits of entropy after
> the ssh keys are generated. If I can come up with a nice plump
> 4096-bits at boot (common pool size these days for Linux urandom),
> and then generate the ssh keys, how many bits will be left over?
Here you have a fundamental misunderstanding (albeit a common one).
Entropy bits don't get used up (although Linux's /dev/random manpage
tries to tell you so). Once your rng is properly initialized with enough
entropy you can use it practically forever.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160523/3f4c666d/attachment.sig>
More information about the cryptography
mailing list