On 04/28/2014 03:31 PM, Tomas Mraz wrote:
> What about this version? Do you think it's sufficiently
balanced?
>
> <para>
> OpenSSL command-line commands, such as <command>openssl
> genrsa</command>, do not ensure that physical entropy is used
> for key generation—they obtain entropy from
> <filename>/dev/urandom</filename> and other sources, but not
> from <filename>/dev/random</filename>. This can result in
> weak keys if the system lacks a proper entropy source (e.g., a
> virtual machine with solid state storage). Depending on local
> policies, keys generated by these OpenSSL tools should not be
> used in high-value, critical functions.
> </para>
OK, that's better.
Thanks.
>>> Is there a way to check in /proc that the kernel has
initialized the
>>> pool? I know the kernel prints a message. A low value in
>>> /proc/sys/kernel/random/entropy_avail does not necessarily mean that no
>>> entropy was mixed into the pool.
>>
>> Unfortunately I do not know of such way. Perhaps this should be added as
>> additional /proc value?
>
> Hmm, that could make sense.
>
> On the other hand, blocking until entropy is available could result in
> preventing system startup because nothing is running that would trigger
> entropy production.
Yes, but having indicative /proc value shouldn't really harm.
There's now a discussion upstream: <
https://lkml.org/lkml/2014/4/28/494>
--
Florian Weimer / Red Hat Product Security Team