Re: entropy + openSSL question

From: Brian Hatch (focus-linux@ifokr.org)
Date: 02/20/03

Next message: focus-linux: "Fw: goldfish"

Previous message: Zow: "Re: LKM Trojan installed"
In reply to: Seth Arnold: "Re: entropy + openSSL question"
Next in thread: Steffen Dettmer: "Re: entropy + openSSL question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 19 Feb 2003 15:41:35 -0800
From: Brian Hatch <focus-linux@ifokr.org>
To: focus-linux@securityfocus.com

> > Then... I start again with my first question. there?s a good way to
> > generate entropy??? [Suppose that the machine who generates the key will
> > not have much interrupts because anybody are in front of the keyboard to
> > generate it]
>
> Robert M Love has put together some patches for the Linux kernel to add
> network interfaces to the device drivers that generate entropy for the
> random pool: http://www.tech9.net/rml/linux/ Note that this is of
> debatable value; since network traffic may be seen or even controlled by
> attackers, it may or may not add real entropy to the pool. You need to
> decide for yourself if this is a concern.

I believe[0] you can write to /dev/random and /dev/urandam to increase the
entropy contained in them. Of course, you should only write data that
is of equivalent entropy to them. Sending non-random data to /dev/random
defeats the purpose entirely.

One option is to take data from an external random source, such as
hotbits[1] or lavarnd[2] when it goes back online.

[0] I have heard this, but have not verified this myself through an
actual code review.

[1] http://www.fourmilab.ch/hotbits/

[2] http://www.lavarnd.org/

--
Brian Hatch                  We waste time so
   Systems and                you don't have to.
   Security Engineer
www.hackinglinuxexposed.com
Every message PGP signed

application/pgp-signature attachment: stored

Next message: focus-linux: "Fw: goldfish"
Previous message: Zow: "Re: LKM Trojan installed"
In reply to: Seth Arnold: "Re: entropy + openSSL question"
Next in thread: Steffen Dettmer: "Re: entropy + openSSL question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: entropy + openSSL question
... > generate a key with 2048 bits length when entropy is out?? ... /dev/urandom on linux and openbsd will not block; ... versions of what is in the entropy pool. ... network interfaces to the device drivers that generate entropy for the ...
(Focus-Linux)
Re: [PATCH] Let DAC960 supply entropy to random pool
... DAC960 block device driver). ... entropy to the random pool, so it was impossible to get any data from ... the proper path for disks to add entropy. ... more than an hour (with heavy disk activity) before applying the ...
(Linux-Kernel)
Re: [PATCH] Let DAC960 supply entropy to random pool
... DAC960 block device driver). ... entropy to the random pool, so it was impossible to get any data from ... the proper path for disks to add entropy. ... Add disk entropy in DAC960 request completions. ...
(Linux-Kernel)