[openssl-users] PRNG is not seeded

Michael Wojcik Michael.Wojcik at microfocus.com
Wed May 30 13:55:54 UTC 2018


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of FooCrypt
> Sent: Tuesday, May 29, 2018 21:41
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] PRNG is not seeded
>
> > On 30 May 2018, at 8:58 AM, Scott Neugroschl <scott_n at xypro.com>
> wrote:
> >
> > I’m using PRNGD to seed my random numbers (I’m on a system without
> > /dev/random and /dev/urandom).   I occasionally get the dreaded “PRNG is
> > not seeded” error.
>
> I don’t know your OS or environment, have you tried the ‘openssl rand’
> functionality as a random source to seed your entropy issues ?

Where would openssl rand be getting its entropy from, in this case? You have a circular dependency: openssl needs entropy, so it tries to get it from PRNGD; and you're asking openssl to put entropy into PRNGD.

> perhaps rather than pseudo random, try a hardware device ?

Now, this is a case where you might use openssl rand, in conjunction with engine, to get entropy from another source. That could be a useful hack if you can't easily change PRNGD or the application to read entropy from the device.

For example, I think I successfully used openssl with the pkcs11 engine to get entropy from a NitroKey device a couple of years back, when I was playing around with cheap HSMs.

Whether something like the NitroKey (which is an inexpensive USB-attached HSM in a thumbdrive form factor) would be useful in this case is something Scott would have to determine.

If it is, it'd be cleaner if he could change the application to load the pkcs11 engine and use its RNG directly, or at least get entropy from it to seed OpenSSL's PRNG.

> > I know this is caused by a lack of available entropy in the system; but what
> > can I do to address this?  Is it just a matter of waiting until enough entropy
> > has been collected?  Is there any kind of workaround?

Depends on what sources PRNGD uses (I haven't looked), what the device is, what the application is... If the device has sensors you can read, you might be able to gather some entropy by reading noise from them (though this is somewhat fraught - you don't want to overestimate the amount of entropy, and both sensors and sensor APIs are often vulnerable to attack).

Sometimes applications ask users to generate some entropy by asking them to  bang on the keyboard or wiggle the mouse, or that sort of thing. Again, it really depends on what your device and application are.

This topic is discussed at some length in the technical literature; see for example section 3 of RFC 4086.

--
Michael Wojcik
Distinguished Engineer, Micro Focus





More information about the openssl-users mailing list