Re: [Secure Coding] master: Added RSA key generation procedures (56f3511)

Sun, 08 Jun 2014 07:32:27 -0700 

On Fri, 30 May 2014 [email protected] wrote:

> diff --git a/Securing_TLS/en-US/OpenSSL.xml b/Securing_TLS/en-US/OpenSSL.xml
> index 191564f..df458d9 100644
> --- a/Securing_TLS/en-US/OpenSSL.xml
> +++ b/Securing_TLS/en-US/OpenSSL.xml
> @@ -160,5 +160,36 @@ EXP-KRB5-RC4-MD5        SSLv3
>                       </para>
>               </section>
>       </section>
> +     <section 
> id="sect-Fedora_Security_Team-Securing_TLS-OpenSSL-Generating_Crypto">
> +             <title>Generating Crypto</title>
> +             <para>Properly generating keys and certificates is as important 
> as the ciphers suite being used to secure the circuit.  The best cipher can 
> be broken with improperly generated keys.</para>
> +
> +             <section 
> id="sect-Fedora_Security_Team-Securing_TLS-OpenSSL-Generating_Crypto-RSA">
> +                     <title>Generating RSA keys</title>
> +                     <para>RSA keys are the most common key type used to 
> secure SSL and TLS circuits.  It's relatively simple to generate keys and 
> we'll describe how and why now.</para>
> +                     <para>
> +<screen>
> +openssl genrsa -aes128 -out key_name.key 3072
> +</screen>
> +This will generate a 3072-bit RSA key that is sufficently large for true 128 
> bits of security.  To obtain 256 bits of security the RSA key will need to be 
> 15360 bits.  If you require that type of security, however, a ECDSA key 
> should be utilized.
> +<important><para>The industry standard 2048-bit RSA key only provides 112 
> bits of security.<footnote><para>NIST SP 800-57 Part 1, Rev 3 <ulink 
> url="http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf";
>  /></para></footnote></para></important>

etc...  but "OpenSSL pitfalls" in defensive-coding/en-US/Features-TLS.xml
warns that

        OpenSSL command-line commands, such as <command>openssl
        genrsa</command>, do not ensure that physical entropy is used
        for key generation--they obtain entropy from
        <filename>/dev/urandom</filename> and other sources, but not
        from <filename>/dev/random</filename>.  This can result in
        weak keys if the system lacks a proper entropy source (e.g., a
        virtual machine with solid state storage).  Depending on local
        policies, keys generated by these OpenSSL tools should not be
        used in high-value, critical functions.

I think such warning (and perhaps an advice to use -randfile /dev/random?)
should be reflected in documents telling people to use openssl genrsa et 
al. to generate keys.

Come to think of it, maybe it would also be a good idea to patch these 
commands to print the warning when they are used to generate new keys 
without a good source of entropy.

-- 
Pavel Kankovsky aka Peak                      "Que sais-je?"


--
security mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/security

Reply via email to