[Cryptography] Entropy Needed for SSH Keys?
Kent Borg
kentborg at borg.org
Sun May 22 21:18:10 EDT 2016
Dammit, I can neither remember nor find that quote about how using a
deterministic process to make up random numbers is against nature, or
grace, or the universe. Like I say, I can't find it.
On 05/22/2016 06:27 PM, Hanno Böck wrote:
> Here you have a fundamental misunderstanding (albeit a common one).
> Entropy bits don't get used up (although Linux's /dev/random manpage
> tries to tell you so). Once your rng is properly initialized with
> enough entropy you can use it [...]
That agrees with another answer I got, but the worrywart in me frowns on
putting so much faith in the perfection of SHA-1 (to pick a random
version of Linux's drivers/char/random.c). Especially when it can be so
easy to stir the pot and make a guessing observer's life a theoretical
hell and not just a practical hell.
> [...] practically forever.
You hedge. Why? If the crypto is good, if it hides the pool state,
what's the problem? At how many bits of draw does it become a problem?
And why then? Why the hedge?
Another response I got also referred me to https://factorable.net/ but
it looks completely experimental, watching keys degrade as the system is
starved of entropy.
Let me try my own experiment:
# strace ssh-keygen -t rsa
Lots of output, only one mention of the string "random":
[...]
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\255J\373\231\323\256\251^\314\207MqkC\332\222^\352\275\307\373\351bM\267\273\260$G\232\301\r", 32) = 32
close(3) = 0
[...]
(Was I supposed to say "dsa"? Okay...tried that too, same result.)
Looks to me like it read 256 bits. I would have expected it would have
read more, just to waste if nothing else.
Nowhere near using up 4096 bits (if "using up" even is real). Maybe do
both DSA and RSA? It still would only "use" 1/8 of a 4096-bit pool.
-kb
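An added illustration of the point Hanno makes above, that a properly seeded generator does not "use up" its seed: this is a toy SHA-256 counter-mode generator written for this page, not OpenSSH's own generator (which uses ChaCha20) and not code from the thread. It takes a single 32-byte seed like the one ssh-keygen read from /dev/urandom and derives as much output as a 4096-bit key needs, and the seed is never depleted; the name HashDrbg and the layout are my own.

```python
import hashlib
import os


class HashDrbg:
    """Constructed toy DRBG: block i = SHA-256(seed || i), i = 0, 1, 2, ...

    Models only the property under discussion: one fixed-size seed,
    unbounded deterministic output, no seed consumption. Not a real
    DRBG design and not what OpenSSH ships.
    """

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits")
        self._seed = seed
        self._counter = 0
        self._buf = b""

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if not self._buf:
                # Each new block hashes the unchanged seed with a fresh counter;
                # the seed itself is never overwritten or drained.
                block_input = self._seed + self._counter.to_bytes(8, "big")
                self._buf = hashlib.sha256(block_input).digest()
                self._counter += 1
            take = min(n - len(out), len(self._buf))
            out += self._buf[:take]
            self._buf = self._buf[take:]
        return bytes(out)


def key_material_from_seed(seed: bytes, key_bits: int = 4096) -> bytes:
    """Derive key_bits of candidate key material from one 256-bit seed."""
    return HashDrbg(seed).read(key_bits // 8)


if __name__ == "__main__":
    seed = os.urandom(32)  # same size as the single read strace showed above
    material = key_material_from_seed(seed, 4096)
    print(len(material) * 8, "bits derived from a", len(seed) * 8, "bit seed")
```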