Automatically generated configuration files

Paul Wouters paul at nohats.ca
Thu Apr 24 15:39:42 UTC 2014


On Thu, 24 Apr 2014, Florian Weimer wrote:

> I don't think "openssl genrsa 2048" has this issue on today's machines.  (I 
> know I saw it with GNUTLS.)

I was sceptical, so I tried this on a freshly booted VM:

root at bofh:~# virsh start north
Domain north started
root at bofh:~# ssh root at north
Last login: Wed Apr 23 11:54:46 2014
[root at north ~]# time openssl genrsa 2048
[...]
real	0m0.382s
user	0m0.267s
sys	0m0.003s

Call me very surprised! We finally have real entropy in VMs now. Good news!

> It came up in the context of clustering software where the single 
> certificate/key pair (shared across the cluster) would be used to secure 
> cluster membership.  The cluster nodes trust each other as a result of the 
> protocol features, so they could access their private keys anyway, even if 
> they were separate.

Ah.. understood.

Paul

