On Mon, Sep 2, 2013 at 9:47 AM, Jakob Schlyter <[email protected]> wrote:
> On 30 aug 2013, at 17:44, Paul Wouters <[email protected]> wrote:
>
> > Wow, that is pretty epic - in a bad way...... Am I really trusting opendnssec
> > to generate RSA keys with the below code for entropy? filenames in /tmp?
>
> Although I agree this is bad - have you checked if these are the ONLY
> entropy sources used by Botan?

Botan has a global RNG which is seeded by e.g. vmstat and filenames in /tmp. get_default_sources() has a long list of sources, where vmstat is one of them. Trace the call to get_default_sources() and you will see that there are also other sources added before the default ones are added.

SoftHSM uses Botan::AutoSeeded_RNG which is derived from the global RNG. All RSA operations (except generating the random number for the RSA blinding) are done by using the RNG supplied by SoftHSM to Botan.

This link describes how RNGs are handled by Botan.
http://botan.randombit.net/rng.html

Currently, you can add more entropy by calling the PKCS#11 function C_SeedRandom(). It is however recommended to use a real HSM to get a much better RNG.

When it comes to the use of vmstat and similar, what we could do is not use the Botan::AutoSeeded_RNG and just seed a Botan RNG with other sources. This would fix all function calls except the RSA blinding.

Perhaps it is better to fix the get_default_sources() in Botan? Then we could use the Botan implementation and be more platform independent.

// Rickard
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
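
The C_SeedRandom() route mentioned in the reply above, as an added example that is not part of the original message and not SoftHSM or Botan code: a helper that reads a full seed from the kernel CSPRNG and only then hands it to the token. The names seed_token_from_urandom, read_urandom, stub_seed and SEED_MAX, the use of /dev/urandom, and session handle 1 are assumptions; the PKCS#11 types are declared locally so the file builds without pkcs11.h.

```c
/* Added example; real code includes pkcs11.h and passes the module's C_SeedRandom. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE;
typedef unsigned char CK_BYTE;
typedef CK_RV (*seed_random_fn)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); /* C_SeedRandom's signature */
#define CKR_OK            0x00000000UL
#define CKR_GENERAL_ERROR 0x00000005UL
#define SEED_MAX          64

/* Fill buf from the kernel CSPRNG, retrying on EINTR and short reads. */
static int read_urandom(CK_BYTE *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Hypothetical helper: mix len kernel-random bytes into the token RNG. The
 * token is only called after a complete read, never with a partial buffer. */
CK_RV seed_token_from_urandom(seed_random_fn seed, CK_SESSION_HANDLE s, size_t len)
{
    CK_BYTE buf[SEED_MAX];
    if (seed == NULL || len == 0 || len > SEED_MAX) return CKR_GENERAL_ERROR;
    if (read_urandom(buf, len) != 0) return CKR_GENERAL_ERROR;
    CK_RV rv = seed(s, buf, (CK_ULONG)len);
    for (volatile CK_BYTE *p = buf; p < buf + len; p++) *p = 0; /* wipe seed copy */
    return rv;
}

/* Constructed stand-in for a token's C_SeedRandom: records the length it got. */
static CK_ULONG stub_len;
static CK_RV stub_seed(CK_SESSION_HANDLE s, CK_BYTE *p, CK_ULONG n) { (void)s; (void)p; stub_len = n; return CKR_OK; }
int main(void)
{
    CK_RV rv = seed_token_from_urandom(stub_seed, 1, 32); /* session 1 is a placeholder */
    return printf("rv=0x%lx len=%lu\n", rv, stub_len) < 0;
}
```

Against a real module, pass the C_SeedRandom pointer from its function list and a session handle from C_OpenSession in place of the stub and the placeholder handle.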
