On 10/2/2012 3:12 PM, int0...@safe-mail.net wrote:
Hi,
If I try to create Diffie-Hellman key parameter (OpenSSL 1.0.0) via
openssl dhparam -out $KEY_DIR/dh1024.pem 1024
I get the following output:
"Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.........+......... [...]
unable to write 'random state'"
I get the error since neither $HOME nor $RANDFILE is set. So if I do an
export RANDFILE=/root/.rnd
the command above works and I don't get an error.
Now I have several questions:
1. Why do I need to specify the path to the seed (RANDFILE) if I don't provide
the seed (I don't use the -rand option)? /root/.rnd doesn't exist before I run
the command. After I ran the openssl command it is created under /root/.rnd and
contains the seed (or is this something else?).
2. If openssl creates the file on its own, why doesn't it delete it after the
DH key parameters were created? Isn't it a security risk if one doesn't delete
the seed, since an attacker could generate exactly the same key parameters if he
got access to the seed?
[1] http://www.openssl.org/support/faq.cgi#USER2
On computers that don't have a good /dev/*random, the randomness used
by OpenSSL comes only from things happening on the computer during the
few moments when the openssl tool is running. To gather up more
randomness, the openssl tool tries to accumulate randomness over
multiple runs as follows:
1. At the end of each run that used the random number generator,
write a file of random bits (computed so they have a lot of entropy but
do not reveal any of the random numbers already generated).
2. At the start of each such run, read in that file and use it as an
initial pool of random bits to be mixed with any random system activity
observed during the run.
So the seed written to ${HOME}/.rnd is supposed to stay around until the
next time you run the openssl tool, and reveals very little about keys
you already created. But it may reveal something about the next key you
create, which is why the file is/should be written with permissions so
only you can read it.
Now why OpenSSL keeps doing this on platforms with a good OS random
source (such as non-historic Linux versions, some BSDs, recent Solaris
versions, non-historic Windows versions) is a mystery to me.
Additionally, the Windows implementation of the ".rnd" saving code has
an old bug that it frequently chooses the wrong directory for the file,
apparently the code was written by someone unfamiliar with the Windows
FHS conventions (which are logically similar but very different from
the Linux/Unix FHS).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org