[Cryptography] Entropy Needed for SSH Keys?
Yaron Sheffer
yaronf.ietf at gmail.com
Mon May 23 10:08:23 EDT 2016
> Let me try my own experiment:
>
> # strace ssh-keygen -t rsa
>
> Lot of output, only one mention of the string "random":
>
> [...]
> open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
> fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
> poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
> read(3,
> "\255J\373\231\323\256\251^\314\207MqkC\332\222^\352\275\307\373\351bM\267\273\260$G\232\301\r",
> 32) = 32
> close(3) = 0
> [...]
>
> (Was I supposed to say "dsa"? Okay...tried that too, same result.)
>
> Looks to me like it read 256-bits. I would have expected it would have
> read more, just to waste if nothing else.
>
> No where near using up 4096-bits (if "using up" even is real). Maybe do
> both DSA and RSA? It still would only "use" 1/8 of a 4096-bit pool.
>
>
> -kb
Yes, interesting. I repeated the experiment on my Ubuntu 16.04, and ssh
read 48 bytes. Still way too little. I can only speculate that they have
their own PRNG which they seed from /dev/urandom.
Thanks,
Yaron
More information about the cryptography
mailing list