[Cryptography] OpenSSL CSPRNG work
Matt Johnston
matt at ucc.asn.au
Fri Jul 7 06:33:50 EDT 2017

On Wed, Jul 05, 2017 at 05:43:37PM -0400, Theodore Ts'o wrote:
>
> Who's to blame? Trump, for buying a cheap-sh*t router? The router
> manufacturer, for setting up a configuration which is impossible to
> secure? SSH, for insisting that host keys be generated within seconds
> of first boot, instead of "on-demand" the first time someone tries
> connecting to the host? Glibc for providing an interface which can be
> used to get insecure randomness, despite the claims on the man page?
> The kernel, because glibc got the randomness from the kernel, and it's
> always easier to blame the kernel devs? etc.

Those cheap-sh*t routers could generate their SSH host keys
upon first connection. They're probably running Dropbear
which has '-R' to generate keys on-demand (added late 2013).

Matt