Re: /dev/random in 2.4.6

From: Marco Colombo (marco@esi.it)
Date: Tue Aug 21 2001 - 05:46:28 EST


On Tue, 21 Aug 2001, Alex Bligh - linux-kernel wrote:

> So writers of ssh, ssl etc. all go use /dev/random, which is not
> 'theoretically vulnerable to a cryptographic attack'. This means,
> in practice, that they are dysfunctional on some headless systems
> without Robert's patch. Robert's patch may make them slightly
> less 'perfect', but not as imperfect as using /dev/urandom instead.
> Using /dev/urandom has another problem: Do we expect all applications
> now to have a compile option 'Are you using this on a headless
> system in which case you might well want to use /dev/urandom
> instead of /dev/random?'. By putting a config option in the kernel,
> this can be set ONCE and only degrade behaviour to the minimal
> amount possible.

A little question: I used to believe that crypto software requires a
strong random source to generate key pairs, but this requirement is
not true for session keys. You don't usually generate a key pair on
a remote system, of course, so that's not a big issue. On low-entropy
systems (headless servers), is /dev/urandom strong enough to generate
session keys? I guess the little entropy collected by the system is
enough to feed the cryptographically secure PRNG behind /dev/urandom, is that correct?

.TM.

-- 
      ____/  ____/   /
     /      /       /			Marco Colombo
    ___/  ___  /   /		      Technical Manager
   /          /   /			 ESI s.r.l.
 _____/ _____/  _/		       Colombo@ESI.it
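The blocking behaviour this thread argues about, as an added example that is not part of the original message: a Linux-only C helper (assumed names read_full, session_key_ok and random_would_block) that draws session-key bytes from /dev/urandom, which never blocks, and probes with O_NONBLOCK whether a /dev/random read would block on the current pool state.

```c
/* Added example, not from the thread: key material from the Linux random
 * devices. Assumes a Linux host with /dev/random and /dev/urandom. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Read exactly n bytes from path, retrying EINTR and short reads. Returns
 * bytes read, or -1 with errno set (EAGAIN under O_NONBLOCK = would block). */
static ssize_t read_full(const char *path, unsigned char *buf, size_t n, int flags)
{
    int fd = open(path, O_RDONLY | flags);
    if (fd < 0)
        return -1;
    size_t got = 0;
    ssize_t r = 1;
    while (got < n && r > 0) {
        r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            r = 1;                         /* interrupted: retry */
        else if (r > 0)
            got += (size_t)r;
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return r < 0 ? -1 : (ssize_t)got;      /* got < n only on EOF */
}

/* Session keys on a headless box: /dev/urandom never blocks. Returns 1 if
 * len (<= 64) bytes arrived and are not all zero, else 0. */
int session_key_ok(size_t len)
{
    unsigned char key[64], acc = 0;
    if (len > sizeof key || read_full("/dev/urandom", key, len, 0) != (ssize_t)len)
        return 0;
    for (size_t i = 0; i < len; i++)
        acc |= key[i];
    return acc != 0;
}

/* Probe /dev/random without sleeping: under O_NONBLOCK a short pool yields
 * EAGAIN instead of a blocked caller. 1 = would block, 0 = data, -1 = error. */
int random_would_block(size_t len)
{
    unsigned char scratch[64];
    if (len > sizeof scratch)
        len = sizeof scratch;
    ssize_t r = read_full("/dev/random", scratch, len, O_NONBLOCK);
    return r == (ssize_t)len ? 0 : (r < 0 && errno == EAGAIN) ? 1 : -1;
}
```

On a 2.4-era kernel random_would_block() reports 1 whenever the entropy estimate is below the request; on kernels from 5.6 onward /dev/random stops blocking once the pool is initialised, so the probe returns 0 there.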
