[Cryptography] [FORGED] Re: OpenSSL and random

Bill Cox waywardgeek at gmail.com
Tue Nov 29 12:53:09 EST 2016


On Tue, Nov 29, 2016 at 1:44 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> From which the conclusion is obvious: Don't ever stop waiting for entropy
> to appear.

Unless the Linux entropy pool has not yet had time to seed properly.  If
Linux switched to this model, we would have:

- Buggy systems that do not obtain entropy fast enough appear to hang
- Functional systems that do obtain entropy fast enough work as expected

I prefer for systems with security bugs to hang rather than adopt a
work-around to continue functioning in an insecure mode.  I think most
software developers would prefer to discover the security flaw this way
rather than shipping insecure software.

This is not some abstract threat.  The OpenWRT wireless router OS shipped
with just such a bug that caused them all to be insecure.  If /dev/urandom
had blocked on boot on those devices, the problem would have become obvious
to the developers.

Real developers are not generally crypto geeks.  They need an alarm bell
like this to go off to let them know when something is wrong.

Bill
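
The fail-closed behaviour argued for above, as an added example that is not part of the original post: on Linux, `getrandom(2)` called with flags 0 blocks until the kernel pool has been seeded, and `GRND_NONBLOCK` lets a program detect the unseeded state and report it. The use of `getrandom(2)` (Linux 3.17+, glibc 2.25+) and the helper names `probe_pool` and `fill_random` are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

enum seed_state { POOL_SEEDED = 0, POOL_NOT_SEEDED = 1, POOL_ERROR = 2 };

/* Probe without blocking: with GRND_NONBLOCK, getrandom() fails with EAGAIN
 * instead of waiting when the kernel pool has not been initialized yet. */
enum seed_state probe_pool(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, 1, GRND_NONBLOCK);
        if (n == 1) return POOL_SEEDED;
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == EAGAIN) return POOL_NOT_SEEDED;
        return POOL_ERROR;
    }
}

/* Fill buf with len random bytes. flags == 0 blocks until the pool is seeded,
 * so a device that never gathers entropy hangs here instead of producing
 * predictable keys. Returns 0 on success, -1 on error; there is deliberately
 * no fallback to a weaker source. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        off += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    /* The "alarm bell": make the unseeded state visible before waiting. */
    if (probe_pool() == POOL_NOT_SEEDED)
        fprintf(stderr, "entropy pool not seeded; waiting, not continuing\n");
    if (fill_random(key, sizeof key) != 0) { perror("getrandom"); return 1; }
    puts("key material generated after the pool was seeded");
    return 0;
}
```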