Remove All Software Generators

Jochen Bern Jochen.Bern at binect.de
Wed Oct 30 17:44:43 UTC 2019


On 10/30/2019 04:19 PM, openssl-users-request at openssl.org digested:
> From: Frederick Gotham <cauldwell.thomas at gmail.com>
> To: openssl-users at openssl.org
> 
> I even tried deleting /dev/random and /dev/urandom

... don't do that. The Linux kernel is both a provider and a consumer of
entropy, e.g., to randomize the TCP sequence numbers as it establishes
TCP connections on behalf of applications. Unless you go all the way and
add a TPM driver (as the only source of entropy) to *the kernel*, you
risk ending up with "good crypto" on the application layer but easily
hijacked connections, defeated stack randomization, SSH logins from
remote that fail, etc.

Kind regards,
-- 
Jochen Bern
Systemingenieur

E  jochen.bern at binect.de
W  www.binect.de
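
An added example (not part of the original message and not OpenSSL project code): shell functions that check the two things the reply turns on, namely whether /dev/random and /dev/urandom are still intact character devices and whether the kernel itself has a TPM selected as its hardware RNG. The ROOT argument is a hypothetical test hook; the sysfs path and the tpm-rng name prefix are those used by the mainline Linux hw_random and TPM drivers.

```shell
#!/bin/sh
# Added example: inspect what the Linux kernel RNG is wired to on this host.
# The ROOT argument is a hypothetical test hook; use "/" on a real system.

# Print the hardware RNG the kernel currently pulls from, or "none".
hwrng_current() {
    f="${1%/}/sys/class/misc/hw_random/rng_current"
    cur=""
    # Older kernels fail the read when no hwrng is registered; treat as none.
    if [ -r "$f" ]; then cur=$(cat "$f" 2>/dev/null) || cur=""; fi
    echo "${cur:-none}"
}

# Succeed only if the selected hwrng is a TPM (the driver names it tpm-rng-N).
tpm_is_kernel_hwrng() {
    case "$(hwrng_current "$1")" in
        tpm-rng*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Succeed only if $1 is a character device with major:minor $2
# (stat prints both numbers in hex).
dev_node_ok() {
    [ -c "$1" ] || return 1
    [ "$(stat -c '%t:%T' "$1" 2>/dev/null)" = "$2" ]
}

# Print one line per check; always returns 0 so it is safe to run anywhere.
kernel_rng_report() {
    root="${1:-/}"
    for spec in random=1:8 urandom=1:9; do
        node="${root%/}/dev/${spec%%=*}"
        if dev_node_ok "$node" "${spec#*=}"; then
            echo "ok      $node"
        else
            echo "BROKEN  $node (expected char device ${spec#*=})"
        fi
    done
    echo "hwrng   $(hwrng_current "$root")"
    if tpm_is_kernel_hwrng "$root"; then
        echo "tpm     feeds the kernel pool (one input among several)"
    else
        echo "tpm     not selected as the kernel hwrng"
    fi
    return 0
}

kernel_rng_report "${ROOT:-/}"
```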

