
Bugtraq mailing list archives
Re: ssh host key generation in Red Hat Linux
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 25 Jul 2003 11:29:51 -0700
Kent Borg wrote:
> I recently installed Red Hat Linux 9 and noticed on the first boot a message about generating ssh host keys. Isn't that a dangerous thing to do on the first boot? Where is the installation going to get enough good entropy so early in its life? Maybe the paranoid thing to do is, as part of configuring a machine, to regenerate those keys once user interaction (or other entropy source) has had time to really stir the Linux entropy pool.

SSH is likely getting its entropy from /dev/random. The kernel will decide whether there is enough entropy in the /dev/random entropy pool, and block reads until the pool fills.
This pool, in turn, is going to have plenty of entropy generated by timing jitter in disk I/O interrupts.
To experiment with this, run the command:
cat /dev/random | od -cx
It will dump for a while and then stop. Then type a key. Then move your mouse. Wait for a cron job to start up and watch what it does. Etc. etc.
Disclaimer: there is dispute in the crypto community about the hashing done in /dev/urandom (note the 'u'), which never blocks. /dev/urandom just recycles the entropy pool with a PRNG, and people have variable faith in the quality of PRNGs.
Crispin
--
Crispin Cowan, Ph.D.
http://immunix.com/~crispin/
Chief Scientist, Immunix
http://immunix.com
http://www.immunix.com/shop/
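The blocking behaviour described above can be turned into a first-boot check rather than an experiment: read the kernel's own count of pool entropy before letting an init script run ssh-keygen. This is an added example, not code from the thread or from Red Hat; it assumes a Linux kernel that exposes /proc/sys/kernel/random/entropy_avail, and the 256-bit threshold and the ENTROPY_FILE/MIN_BITS variable names are choices made for this example.

```sh
#!/bin/sh
# Added example, not part of the original thread: gate first-boot SSH host key
# generation on the entropy the kernel reports. Assumes a Linux kernel that
# exposes /proc/sys/kernel/random/entropy_avail (bits currently in the pool).

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_BITS="${MIN_BITS:-256}"   # threshold chosen for this example

# entropy_ok FILE MIN: exit 0 if FILE reports at least MIN bits,
# 1 if the pool is below MIN, 2 if FILE is unreadable or not a number.
entropy_ok() {
    file="$1"; min="$2"
    [ -r "$file" ] || return 2
    bits=$(cat "$file" 2>/dev/null)
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -ge "$min" ]
}

# wait_for_entropy FILE MIN TRIES DELAY: re-read FILE up to TRIES times,
# sleeping DELAY seconds between reads; same exit codes as entropy_ok.
wait_for_entropy() {
    file="$1"; min="$2"; tries="$3"; delay="$4"
    while [ "$tries" -gt 0 ]; do
        rc=0
        entropy_ok "$file" "$min" || rc=$?
        # 0 means enough entropy, 2 means we cannot tell; only 1 is worth waiting on
        [ "$rc" -eq 1 ] || return "$rc"
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Stand-alone use: report whether running ssh-keygen now is reasonable.
# Nothing is generated here; a real init script would call ssh-keygen in the 0 case.
rc=0
wait_for_entropy "$ENTROPY_FILE" "$MIN_BITS" 3 1 || rc=$?
case "$rc" in
    0) echo "entropy pool holds >= $MIN_BITS bits; generating ssh host keys now is reasonable" ;;
    1) echo "entropy pool still below $MIN_BITS bits; defer key generation or regenerate keys later" >&2 ;;
    *) echo "cannot read $ENTROPY_FILE; no entropy check possible on this host" >&2 ;;
esac
```

This reflects the 2003-era semantics the thread discusses: on Linux 5.6 and later /dev/random no longer blocks once the kernel's generator is initialised, so entropy_avail is far less informative there.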
Current thread:
- ssh host key generation in Red Hat Linux Kent Borg (Jul 25)
- Re: ssh host key generation in Red Hat Linux Crispin Cowan (Jul 25)
- Re: ssh host key generation in Red Hat Linux Brian Hatch (Jul 25)
- Message not available
- Re: ssh host key generation in Red Hat Linux Kent Borg (Jul 25)
- Re: ssh host key generation in Red Hat Linux Aaron Lehmann (Jul 26)
- Re: ssh host key generation in Red Hat Linux Crispin Cowan (Jul 25)