[openssl-users] PRNG is not seeded
Michael.Wojcik at microfocus.com
Wed Jun 6 16:12:59 UTC 2018
> From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Jakob Bohm <jb-openssl at wisemo.com>
> Sent: Tuesday, June 5, 2018 02:46
> Hence my solution of using a hardware TRNG shared over the
> network with devices that lack the ability to have one added
Yes, I think that's a good approach. It reduces the attack surface, since the client device can connect to the entropy-gathering device with considerable assurance (it can be configured with a pinned CA or PSK, etc), and at startup can use some entropy saved from the previous run. An attacker in a privileged position could try active attacks like a DoS against the connection to the entropy server, but a (more dangerous) passive attack looks very difficult.
And it's practical for real-world data centers; implementation and equipment costs are low.
It should even be possible to do this with one of those SOHO WIFi routers that have USB ports and media-sharing features, for use by smartphone apps and the like.
More information about the openssl-users