Re: Embedded SSL and randomness

2001-05-04 Thread Vadim Fedukovich 

Lee,

unpredictable random numbers required for ssl client to set
pre-master secret, client key exchange message, rsa mode.
One can run a reverse solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)

would this fit your environment? gather initial entropy step?
please be cautious and think twice before actually going this route.

-vf

On Fri, 4 May 2001, Lee Webber wrote:

 At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:

 The core question is what [it] takes to port it to an embeded system.

 FWIW: my number one worry about porting SSL to an embedded system is where
 I get my entropy.  Because my company sells embedded OS's to end
 developers, I need a general solution if possible.

 So where does the randomness come from on startup?  No users, no mouse or
 keyboard input, no unpredictable thread activity...  I can get a little
 randomness from clock skew, if I'm willing to wait forever to gather it.  I
 can get some more from arrival of network packets -- except that by the
 time network packets start arriving I'd better already be seeded.

 That leaves two possibilities, external sources (including unused sound
 cards) and the Intel 81x chipset.  Both of these have the drawback that no
 one solution is always available.

 Finally, I can start the system out insecure, have it train up to
 sufficient entropy, and then store the entropy for future use.

 The above is all I've been able to find on the Internet.  Have I missed
 anything?


 **
 This email, and any files transmitted with it, are confidential
 and intended solely for the use of the individual or entity to
 whom they are addressed. If you have received this email
 in error please advise [EMAIL PROTECTED]
 **
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Embedded SSL and randomness

2001-05-04 Thread Dilkie, Lee 

It is critical to get the initial seed with as much entropy as possible and because 
you are the OS vendor I don't believe you can do it yourself. I think it's up to the 
end users to provide the seed. In the case of small embedded systems, it's a design 
issue, to provide the required level of security it may be necessary for the 
manufacturer to provide an initial random number in NV storage to each device. If the 
manufacture wants to provide rng h/w, all the better for a seed.

-another lee

-Original Message-
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Embedded SSL and randomness


Lee,

unpredictable random numbers required for ssl client to set
pre-master secret, client key exchange message, rsa mode.
One can run a reverse solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)

would this fit your environment? gather initial entropy step?
please be cautious and think twice before actually going this route.

-vf

On Fri, 4 May 2001, Lee Webber wrote:

 At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:

 The core question is what [it] takes to port it to an embeded system.

 FWIW: my number one worry about porting SSL to an embedded system is where
 I get my entropy.  Because my company sells embedded OS's to end
 developers, I need a general solution if possible.

 So where does the randomness come from on startup?  No users, no mouse or
 keyboard input, no unpredictable thread activity...  I can get a little
 randomness from clock skew, if I'm willing to wait forever to gather it.  I
 can get some more from arrival of network packets -- except that by the
 time network packets start arriving I'd better already be seeded.

 That leaves two possibilities, external sources (including unused sound
 cards) and the Intel 81x chipset.  Both of these have the drawback that no
 one solution is always available.

 Finally, I can start the system out insecure, have it train up to
 sufficient entropy, and then store the entropy for future use.

 The above is all I've been able to find on the Internet.  Have I missed
 anything?


 **
 This email, and any files transmitted with it, are confidential
 and intended solely for the use of the individual or entity to
 whom they are addressed. If you have received this email
 in error please advise [EMAIL PROTECTED]
 **
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Embedded SSL and randomness

2001-05-04 Thread Vadim Fedukovich 



On Fri, 4 May 2001, Dilkie, Lee wrote:

 It is critical to get the initial seed with as much entropy as possible

yes, it's traditional way to keep openssl' PRNG happy.
However, a random inside server hello is sent in clear
and it may be appropriate to use low-quality clock-based source here.
One can outsource SSL client role out of embedded system
to let the other party generate premaster secret.

-vf


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]