[Cryptography] OpenSSL CSPRNG work

Theodore Ts'o tytso at mit.edu
Thu Jul 6 19:38:48 EDT 2017


On Thu, Jul 06, 2017 at 09:51:16AM -0400, Patrick wrote:
> Nemo wrote on 07/05/2017 08:42 PM:
> 
> > The never-blocking /dev/urandom on Linux has been a serious design
> > flaw from the beginning.
> 
> What is the problem with a non-blocking /dev/urandom, assuming it was
> seeded with at least 128 unpredictable bits when first initiated?

If we can build a way of getting that seed passed into the kernel from
the bootloader, that will probably go a long way towards solving much
of the problem.  We still have to store that seed where the bootloader
can get to it, regenerate the seed at boot and shutdown, but the real
hard problem is that each architecture will need at least one
solution for its bootloader.  (For some architectures you might need
to support multiple boot loaders.)

You still have to solve the problem of how to reliably and securely
generate the seed when the system is booted for the first time right after it
has been unpacked from the box.  That can potentially be quite
difficult, since it's likely going to be different for each consumer
electronics device that is using Linux.

And trusting consumer electronics manufacturers to be able to
correctly and securely generate random seeds for all of their devices
when they can't even manage to assign unique Ethernet MAC addresses is a
very challenging problem!

						- Ted
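The store-and-regenerate half of what Ted sketches above (feed a stored seed into the pool at boot, replace it immediately so it can never be reused, replace it again at shutdown) as an added example. This is not code from the message, from the Linux kernel or from any distribution's seed service. It assumes a readable random source at /dev/urandom and takes the seed file, the source and the pool's write side as parameters so the same functions can be exercised against ordinary files. It does nothing about the two problems the message calls hard: getting the seed from the bootloader into the kernel, and provisioning it on first boot.

```shell
#!/bin/sh
# Added example: minimal seed-file lifecycle for a Linux box.
# Not from the original message or any project; paths are assumptions.

SEED_BYTES=64   # 512 bits, well above the 128 unpredictable bits discussed

# Replace the on-disk seed with fresh bytes from $rng (/dev/urandom on a real
# system). Written under umask 077 to a temp file and renamed, so a crash
# never leaves a truncated, empty or world-readable seed behind.
refresh_seed() {
    seedfile=$1; rng=$2
    tmp="$seedfile.tmp.$$"
    (umask 077 && head -c "$SEED_BYTES" "$rng" > "$tmp") || return 1
    # A short read means the source cannot supply a usable seed: reject it.
    got=$(wc -c < "$tmp" | tr -d ' ')
    [ "$got" -eq "$SEED_BYTES" ] || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$seedfile"
}

# Boot-time hook: write the stored seed into the pool at $dev, then refresh
# the file right away so the same seed is never consumed twice even if the
# shutdown hook never runs (power loss, kernel panic).
# Caveat: writing to /dev/urandom mixes the bytes into the pool but does not
# credit entropy; crediting needs the RNDADDENTROPY ioctl, which requires root.
load_seed() {
    seedfile=$1; rng=$2; dev=$3
    if [ -s "$seedfile" ]; then
        cat "$seedfile" >> "$dev" || return 1   # >> also works on a char device
    fi
    refresh_seed "$seedfile" "$rng"
}

# Shutdown-time hook: refresh once more, capturing state gathered during uptime.
save_seed() {
    refresh_seed "$1" "$2"
}

# Demonstration against ordinary files standing in for the kernel interface.
# Returns 0 only if the stored seed reached the pool and was replaced.
seed_cycle_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/pool"                                     # stand-in for /dev/urandom's write side
    refresh_seed "$d/seed" /dev/urandom || return 1   # stand-in for a factory-provisioned seed
    cp "$d/seed" "$d/seed.factory"
    load_seed "$d/seed" /dev/urandom "$d/pool" || return 1
    # The provisioned seed went into the pool ...
    cmp -s "$d/pool" "$d/seed.factory" || { rm -rf "$d"; return 1; }
    # ... and the file no longer holds it.
    if cmp -s "$d/seed" "$d/seed.factory"; then rm -rf "$d"; return 1; fi
    save_seed "$d/seed" /dev/urandom || return 1
    got=$(wc -c < "$d/seed" | tr -d ' ')
    [ "$got" -eq "$SEED_BYTES" ] || { rm -rf "$d"; return 1; }
    rm -rf "$d"
}
```

On a real system the boot hook would be `load_seed /var/lib/seed /dev/urandom /dev/urandom` and the shutdown hook `save_seed /var/lib/seed /dev/urandom`; the seed file must live on storage that is writable early in boot and not shared between devices, which is exactly where the per-device provisioning problem from the message reappears.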

