> From: David Jacobson [mailto:dmjacob...@sbcglobal.net]
> Sent: Saturday, February 18, 2012 5:15 PM
> 
> You will see that /dev/urandom does get real entropy, and, as I said,
> entropy is saved across shutdown and reboot, so that even right after
> boot (assuming that the file is secure), the entropy is good.

Yes, I know urandom has real entropy fed into it based on the availability
of real entropy.  Yes, I know it saves state during reboots, so it is strong
even after reboots.  However...

The most obvious situation where it doesn't have sufficient entropy is
during *first* boot.  You know, when your system generated your ssh keys.
Fortunately that problem is easy to solve, and it is unrelated to openssl.
Fixed as follows:

    export SSH_USE_STRONG_RNG=256
    sudo ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
    sudo ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
    sudo ssh-keygen -q -C "" -N "" -t rsa1 -f /etc/ssh/ssh_host_key

The second most obvious situation is as you said, VMs starting from the
same initial state.

Granted, when most people use openssl to generate keys, the system has
generally been on a long time and generally has accumulated plenty of
entropy.  But how do you know when your system has been on long enough to
safely generate your keys?  It's probably within the first few minutes after
first boot, but how do you know?  And of course it's going to be different
from OS to OS.  People want to know *at least* one way they can be assured
they have sufficient entropy to generate their keys safely.  And after
answering this question a single time, it is worth extending to other OSes,
such as Windows.  (I know I have certainly used openssl inside of Cygwin to
generate keys, and I have absolutely no idea what Cygwin randomness is based
on.)

Based on what's happening out there now, there are a lot of people scared
that they've not been diligent enough to ensure sufficient entropy.  This is
easy to fix.

I am not interested in debating the pros/cons of urandom versus random.  I
am interested in coming up with a simple easy-to-follow solution that people
can use to systematically ensure they have sufficient entropy.

My best idea so far is cat /dev/random > ~/.rnd  (and wait until it's 1k
long).  This takes about 8 minutes on my system, and after that, you are
assured you always have strong entropy.  But as described in my previous
email, there is some reason for me to doubt whether this is achieving the
end result I'm trying to achieve.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
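
The seeding step proposed in the message above (read from /dev/random into ~/.rnd and wait until it is 1k long), written as a script; this is an added example, not part of the original email or of OpenSSL. The helper name `seed_rnd_file`, the temp-file handling and the exit codes are assumptions, and the script only fills the file: it does not show whether OpenSSL then uses it the way the author intends.

```shell
#!/bin/sh
# Added example: fill a seed file with exactly N bytes from a blocking source.
# seed_rnd_file is a hypothetical helper name, not an OpenSSL or OpenSSH tool.
#
# Usage (blocks until the kernel has delivered every byte):
#   seed_rnd_file /dev/random "$HOME/.rnd" 1024

seed_rnd_file() {
    src=$1              # random device to read, e.g. /dev/random
    dest=$2             # seed file to create, e.g. "$HOME/.rnd"
    nbytes=${3:-1024}   # "1k long", as in the message

    # Refuse anything that is not a character device (typo, regular file).
    [ -c "$src" ] || { echo "not a character device: $src" >&2; return 2; }

    # mktemp creates the file with mode 0600; keeping it next to the
    # destination makes the final mv a rename within one directory.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # bs=1 turns every read into a single byte, so a short read from a
    # blocking device cannot leave the file under-filled.
    if ! dd if="$src" of="$tmp" bs=1 count="$nbytes" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi

    # Verify the size before publishing the file under its real name.
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -ne "$nbytes" ]; then
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$dest"
}
```
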