[Cryptography] OpenSSL CSPRNG work
Bill Frantz
frantz at pwpconsult.com
Wed Jul 5 20:14:16 EDT 2017
On 7/5/17 at 2:43 PM, tytso at mit.edu (Theodore Ts'o) wrote:
>Who's to blame? Trump, for buying a cheap-sh*t router? The router
>manufacturer, for setting up a configuration which is impossible to
>secure? SSH, for insisting that host keys be generated within seconds
>of first boot, instead of "on-demand" the first time someone tries
>connecting to the host? Glibc for providing an interface which can be
>used to get insecure randomness, despite the claims on the man page?
>The kernel, because glibc got the randomness from the kernel, and it's
>always easier to blame the kernel devs? etc.
This is certainly a bad knot to deal with. There is at least one
other option that might be useful:

Replace that temporary SSH key as soon as a good one can be generated.

The "Don't generate the key until it is needed" solution also
sounds good.

My own take on this problem is that stopping the boot process
waiting for randomness that never comes is likely to be quite
reproducible. Given that it is reproducible, glibc should
specify getrandom() to block. If getrandom() is called when it
must block, write messages to the log (if it is up and running)
about the situation. In any case describe the situation in the
man page. The system will fail often enough during testing that
fixing the problem becomes a problem for QA, or if the system is
released without testing, customer support. That way at least
the developers will have to think about the problem.

Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | "Web security is like medicine - trying to do good for
408-356-8506       | an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
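
The behaviour proposed in the message above (block when the kernel pool is not ready, and log that it happened), shown as an added C example that is not part of the original post and is not glibc or OpenSSH code. `fill_random_logged` is a hypothetical helper name; the example assumes Linux with glibc 2.25 or later for `<sys/random.h>`.

```c
/* Added illustration; not code from glibc, OpenSSH or the original post. */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/*
 * fill_random_logged() is a hypothetical helper. It fills buf from the
 * kernel CSPRNG; if the pool is not yet initialised it logs that and then
 * blocks rather than hand back weak output. Returns 0 on success, -1 on
 * error; *blocked reports whether the call had to wait.
 */
int fill_random_logged(unsigned char *buf, size_t len, int *blocked)
{
    size_t done = 0;
    unsigned int flags = GRND_NONBLOCK;   /* probe first so we can log */

    *blocked = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, flags);
        if (n > 0) {
            done += (size_t)n;
        } else if (n < 0 && errno == EAGAIN && flags == GRND_NONBLOCK) {
            /* Pool not initialised: record it, then wait for it. */
            fprintf(stderr, "getrandom: entropy pool not initialised, "
                            "blocking until it is\n");
            *blocked = 1;
            flags = 0;                    /* retry as a blocking call */
        } else if (n < 0 && errno == EINTR) {
            continue;                     /* interrupted by a signal */
        } else {
            return -1;                    /* ENOSYS, EFAULT, ... */
        }
    }
    return 0;
}

int main(void)
{
    unsigned char seed[32];               /* e.g. seed for a host key */
    int blocked;

    if (fill_random_logged(seed, sizeof seed, &blocked) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("got %zu bytes, blocked=%d\n", sizeof seed, blocked);
    return 0;
}
```

Calling this only when the first connection arrives, rather than at first boot, corresponds to the "don't generate the key until it is needed" option mentioned in the thread.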