[openssl-dev] Work on a new RNG for OpenSSL

Paul Dale paul.dale at oracle.com
Thu Jun 29 01:20:33 UTC 2017


Cory asked:
> When you say “the linked article”, do you mean the PCWorld one?

My apologies, I meant the one Ted referred to soon after.


Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia


-----Original Message-----
From: Cory Benfield [mailto:cory at lukasa.co.uk] 
Sent: Wednesday, 28 June 2017 5:15 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Work on a new RNG for OpenSSL


> On 28 Jun 2017, at 04:00, Paul Dale <paul.dale at oracle.com> wrote:
> 
> 
> Peter Waltenberg wrote:
>> The next question you should be asking is: does our proposed design mitigate known issues?
>> For example this:
>> http://www.pcworld.com/article/2886432/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys.html
> 
> Using the OS RNG won't fix the lack of boot time randomness unless there is a HRNG present.
> 
> For VMs, John's suggestion that /dev/hwrng should be installed is reasonable.
> 
> For embedded devices, a HRNG is often not possible.  Here getrandom() (or /dev/random since old kernels are common) should be used.  Often /dev/urandom is used instead and the linked article is the result.  There are possible mitigations that some manufacturers include (usually with downsides).

When you say “the linked article”, do you mean the PCWorld one? Because that article doesn’t provide any suggestion that /dev/urandom has anything to do with it. It is at least as likely that the SSH key is hard-coded into the machine image. The flaw here is not “using /dev/urandom”, it’s “exposing your router’s SSH access on the external side of the router”, plus the standard level of poor configuration done by shovelware router manufacturers.

Cory
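As an added illustration of the seeding point Paul raises above (this is example code written for this page, not OpenSSL's RNG code and not anything posted in the thread), the routine below refuses to hand back seed material while the kernel pool is still uninitialised. It assumes a Linux kernel with the getrandom() syscall (3.17 or later) and falls back to the blocking /dev/random device on older kernels or other systems, as the message suggests; the function names, the seed_status enum and the GRND_NONBLOCK constant value are this example's own choices.

```c
/*
 * Example code (not OpenSSL's): seed only from a kernel source that is known
 * to be initialised. /dev/urandom never reports an unseeded pool; getrandom()
 * with GRND_NONBLOCK does, which is what an embedded device without an HRNG
 * needs at boot.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* same value as in <linux/random.h> */
#endif

typedef enum { SEED_OK = 0, SEED_NOT_READY = 1, SEED_ERROR = 2 } seed_status;

/* Read exactly len bytes from a blocking device such as /dev/random.
 * Used where the getrandom() syscall is unavailable (kernels before 3.17). */
static seed_status read_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return SEED_ERROR;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {
            close(fd);
            return SEED_ERROR;
        }
        got += (size_t)n;
    }
    close(fd);
    return SEED_OK;
}

/* Fill buf with len bytes of kernel randomness. On Linux, getrandom() is
 * called with GRND_NONBLOCK so an uninitialised pool surfaces as
 * SEED_NOT_READY instead of silently yielding weak bytes; the caller then
 * decides whether to wait, retry or refuse to generate keys. */
seed_status seed_from_kernel(unsigned char *buf, size_t len)
{
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == EAGAIN)        /* pool not yet seeded: do not proceed */
                return SEED_NOT_READY;
            if (errno == ENOSYS)        /* old kernel: use the blocking device */
                return read_device("/dev/random", buf + got, len - got);
            return SEED_ERROR;
        }
        got += (size_t)n;
    }
    return SEED_OK;
#else
    /* Non-Linux fallback: the blocking device, as suggested for old kernels. */
    return read_device("/dev/random", buf, len);
#endif
}

/* Cheap sanity check a caller can apply to the returned seed:
 * returns 1 if any byte is non-zero, 0 if the buffer is all zeros. */
int seed_has_nonzero_byte(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    seed_status st = seed_from_kernel(seed, sizeof seed);
    if (st != SEED_OK) {
        fprintf(stderr, "seed unavailable (status %d); refusing to generate keys\n", st);
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    printf("\n");
    return 0;
}
```

A key-generation path that calls seed_from_kernel() and treats anything other than SEED_OK as fatal cannot produce the duplicate-key outcome that an unchecked read of /dev/urandom at first boot can.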

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

