On 06/08/2014 03:48 PM, Pavel Kankovsky wrote:
etc... but "OpenSSL pitfalls" in
defensive-coding/en-US/Features-TLS.xml
warns that
OpenSSL command-line commands, such as <command>openssl
genrsa</command>, do not ensure that physical entropy is used
for key generation--they obtain entropy from
<filename>/dev/urandom</filename> and other sources, but not
from <filename>/dev/random</filename>. This can result in
weak keys if the system lacks a proper entropy source (e.g., a
virtual machine with solid state storage). Depending on local
policies, keys generated by these OpenSSL tools should not be
used in high-value, critical functions.
I think such warning (and perhaps an advice to use -randfile /dev/random?)
should be reflected in documents telling people to use openssl genrsa et
al. to generate keys.
"-randfile /dev/random" hopefully does not offer any real benefit.
Come to think of it, maybe it would also be a good idea to patch
these
commands to print the warning when they are used to generate new keys
without a good source of entropy.
Currently, there is no non-blocking way to detect that the kernel pool
has been initialized. I proposed a patch to add a variable under
/proc/sys, but that wasn't accepted. There have been some recent
discussions on the kernel and systemd side, but no one feels
responsible, so there hasn't been any actual progress.
--
Florian Weimer / Red Hat Product Security Team