Bugtraq
mailing list archives
Re: ssh host key generation in Red Hat Linux
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 25 Jul 2003 11:29:51 -0700
Kent Borg wrote:
> I recently installed Red Hat Linux 9 and noticed on the first boot a
> message about generating ssh host keys. Isn't that a dangerous thing
> to do on the first boot? Where is the installation going to get
> enough good entropy so early in its life?
> Maybe the paranoid thing to do is, as part of configuring a machine,
> to regenerate those keys once user interaction (or other entropy
> source) has had time to really stir the Linux entropy pool.
SSH is likely getting its entropy from /dev/random. The kernel will
decide whether there is enough entropy in the /dev/random entropy pool,
and block reads until the pool fills.
This pool, in turn, is going to have plenty of entropy generated by
timing jitter in disk I/O interrupts.
To experiment with this, run the command:
cat /dev/random | od -cx
It will dump for a while and then stop. Then type a key. Then move your
mouse. Wait for a cron job to start up and watch what it does. Etc. etc.
Disclaimer: there is dispute in the crypto community about the hashing
done in /dev/urandom (note the 'u') which never blocks. /dev/urandom
just recycles the entropy pool with a PRNG, and people have variable
faith in the quality of PRNGs.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/
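The thread above suggests regenerating SSH host keys once the kernel's entropy pool has actually been stirred. The script below is an added example, not code from either poster or from Red Hat; it gates host-key regeneration on the kernel's own entropy estimate as exposed in /proc/sys/kernel/random/entropy_avail. It assumes a Linux host where that file is readable and OpenSSH's ssh-keygen is installed; the 256-bit threshold, the poll interval and the key directory are assumptions and are parameters so you can adjust them, and the entropy file path is a parameter so the check can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example (not from the original thread): only (re)generate SSH host
# keys once the kernel reports a reasonable amount of entropy.
# Assumptions: Linux, /proc/sys/kernel/random/entropy_avail readable,
# OpenSSH ssh-keygen on PATH. Threshold and paths are assumed defaults.

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}
MIN_ENTROPY_BITS=${MIN_ENTROPY_BITS:-256}
HOSTKEY_DIR=${HOSTKEY_DIR:-/etc/ssh}

# entropy_ok FILE MIN
#   exit 0 if FILE holds an integer >= MIN, 1 if it is below MIN,
#   2 if FILE is missing or does not contain a number
entropy_ok() {
    file=$1
    min=$2
    [ -r "$file" ] || return 2
    avail=$(tr -dc '0-9' < "$file")
    [ -n "$avail" ] || return 2
    [ "$avail" -ge "$min" ]
}

# wait_for_entropy FILE MIN TRIES DELAY
#   poll FILE up to TRIES times, sleeping DELAY seconds between polls;
#   exit 0 as soon as entropy_ok succeeds, 1 if it never does
wait_for_entropy() {
    file=$1; min=$2; tries=$3; delay=$4
    i=0
    while [ "$i" -lt "$tries" ]; do
        if entropy_ok "$file" "$min"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# regen_host_keys DIR
#   replace the RSA and ed25519 host keys in DIR (sshd reads them on restart)
regen_host_keys() {
    dir=$1
    mkdir -p "$dir"
    rm -f "$dir/ssh_host_rsa_key" "$dir/ssh_host_rsa_key.pub" \
          "$dir/ssh_host_ed25519_key" "$dir/ssh_host_ed25519_key.pub"
    ssh-keygen -q -t rsa -b 3072 -N '' -f "$dir/ssh_host_rsa_key" &&
    ssh-keygen -q -t ed25519 -N '' -f "$dir/ssh_host_ed25519_key"
}

# Only act when explicitly asked, so sourcing or running this file for the
# function definitions alone never touches the host keys.
case "${1:-}" in
    --run)
        if wait_for_entropy "$ENTROPY_FILE" "$MIN_ENTROPY_BITS" 60 5; then
            regen_host_keys "$HOSTKEY_DIR"
        else
            echo "entropy below $MIN_ENTROPY_BITS bits after 5 minutes; not regenerating keys" >&2
            exit 1
        fi
        ;;
esac
```

Run it as `sh regen-hostkeys.sh --run` (as root) after the first interactive session on a freshly installed machine, then restart sshd so it picks up the new keys. The entropy_avail value is the kernel's own estimate of bits in the pool, so the threshold is a judgement call rather than a guarantee; what the check buys you is refusing to generate long-lived keys at the moment the thread worries about, right after a first boot with almost nothing stirring the pool.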