[Cryptography] Entropy Needed for SSH Keys?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue May 24 22:14:31 EDT 2016
Jerry Leichter <leichter at lrw.com> writes:
>So it seems to me you want to address a different issue: Not how do I get
>enough randomness to set up kernel ASLR and related mechanisms early in boot,
>but how to I *put off* setting up kernel ASLR and related mechanisms until I
>have a usable source of randomness?
You don't need a usable (where I assume "usable" means "capable of generating
crypto keys") source of randomness, for ASLR and stack canaries and the like
you just need enough to make it hard for an attacker (meaning a dumb piece of
code, not an active, adaptive attack) to guess. 16 bits should be fine (see
various analyses of this topic, in practice it's anywhere from 12 to 24 bits,
based more on hardware limits than anything else).
Peter.
More information about the cryptography
mailing list