#22584: Add entropy from browser to /dev/random
-------------------------+-------------------------------
Reporter: djasa | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone: Features Paradise
Component: base system | Version: Trunk
Keywords: |
-------------------------+-------------------------------
All relevant browsers do support [https://developer.mozilla.org/en-
US/docs/Web/API/RandomSource/getRandomValues
window.crypto.getRandomValues()] method for several years already that is
guaranteed to generate cryptographically-strong random values. Given that
most (all?) devices where OpenWRT runs are entropy-poor, there is a need
for strong entropy in order to generate SSH (and possibly other) keys or
to establish ECDSA connections, it would be prudent if OpenWRT augmented
device's own entropy with strong entropy from user whenever they access
LuCI and possibly save some of it for augmenting /dev/random on later
boots as well.
If this is implemented, it would make sense to delay SSH key generation
until there is enough entropy (optimally use getrandom() system call)
--
Ticket URL: <https://dev.openwrt.org/ticket/22584>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
openwrt-tickets@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
