It is critical to get the initial seed with as much entropy as possible and because
you are the OS vendor I don't believe you can do it yourself. I think it's up to the
end users to provide the seed. In the case of small embedded systems, it's a design
issue, to provide the required level of security it may be necessary for the
manufacturer to provide an initial random number in NV storage to each device. If the
manufacture wants to provide rng h/w, all the better for a seed.
-another lee
-----Original Message-----
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Embedded SSL and randomness
Lee,
unpredictable random numbers required for ssl client to set
pre-master secret, client key exchange message, rsa mode.
One can run a "reverse" solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)
would this fit your environment? "gather initial entropy" step?
please be cautious and think twice before actually going this route.
-vf
On Fri, 4 May 2001, Lee Webber wrote:
> At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:
>
> >The core question is what [it] takes to port it to an embeded system.
>
> FWIW: my number one worry about porting SSL to an embedded system is where
> I get my entropy. Because my company sells embedded OS's to end
> developers, I need a general solution if possible.
>
> So where does the randomness come from on startup? No users, no mouse or
> keyboard input, no unpredictable thread activity... I can get a little
> randomness from clock skew, if I'm willing to wait forever to gather it. I
> can get some more from arrival of network packets -- except that by the
> time network packets start arriving I'd better already be seeded.
>
> That leaves two possibilities, external sources (including unused sound
> cards) and the Intel 81x chipset. Both of these have the drawback that no
> one solution is always available.
>
> Finally, I can start the system out insecure, have it train up to
> sufficient entropy, and then store the entropy for future use.
>
> The above is all I've been able to find on the Internet. Have I missed
> anything?
>
>
> **********************************************************************
> This email, and any files transmitted with it, are confidential
> and intended solely for the use of the individual or entity to
> whom they are addressed. If you have received this email
> in error please advise [EMAIL PROTECTED]
> **********************************************************************
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
