On 11/16/2012 3:36 AM, Jeffrey Walton wrote:
...
Headless servers, entropy starvation, and rollbacks are a concern in
modern environments. OpenSSL and other entropy gatherers, such as EDG,
don't account for the latter. It's best to take the bull by the horns
and do it yourself. At minimum, you need to call RAND_add() with
entropy external to /dev/{u}rand.

Would you care to elaborate on the following points:

1. What do you mean by "rollback"?

2. What RNG/PRNG are you referring to as "EDG"?

3. What exactly makes /dev/{u,}random in current (not ancient) Linux
 kernels insecure given an appropriate supply of entropy?

Note that the two papers you cite on the Linux kernel PRNG are:

I. A 6 year old document, presumably not applicable to the code in
 current kernel versions.

II. A document about the consequences of using any PRNG without
sufficient entropy input, with the Linux kernel PRNG as a common
example.  This would presumably be irrelevant if feeding the kernel
plenty of external entropy, e.g. by getting it from a hardware RNG
hooked up to a trusted server (under your own control of course).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
