[147729] in cryptography@c2.net mail archive


Re: [Cryptography] OpenSSL not using /dev/random (was: Re:

daemon@ATHENA.MIT.EDU (Sandy Harris)
Fri Oct 18 12:38:49 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <5260D4E4.7050400@funwithsoftware.org>
Date: Fri, 18 Oct 2013 08:12:34 -0400
From: Sandy Harris <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Patrick Pelletier <code@funwithsoftware.org> wrote:

> On 10/16/13 12:11 PM, Theodore Ts'o wrote:
>
>> ... I recently noticed that on my Debian Testing box,
>> the openssl libcrypto library is apparently not using /dev/urandom or
>> /dev/random by default. ....

> Are you on a machine with the RdRand instruction?  OpenSSL ships with a
> built-in RdRand ENGINE which just uses RdRand and doesn't use OpenSSL's
> random number generator at all.  (And thus needs no entropy.)  ...

Snowden revealed that the NSA does sabotage things for easier
monitoring, OpenSSL would be a prime target, and a plausible
attack on RdRand has been published.
http://threatpost.com/researchers-develop-undetectable-hardware-trojans
http://people.umass.edu/gbecker/BeckerChes13.pdf

random(4) can use RdRand, but it sensibly treats it as only
one of many entropy sources, so even a sabotaged RdRand
is not fatal. I'd say it is quite clear OpenSSL should do that
as well. The simplest way to do that appears to be to use
/dev/random or /dev/urandom.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
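
Added example, not part of the original message and not code from the Linux kernel or OpenSSL: a simplified hash-based pool showing why a generator that treats a hardware RNG as only one of several inputs survives that input being sabotaged, while one that uses the hardware output directly does not. `sabotaged_hw_rng`, `MixingPool`, `hw_only` and `mixed` are hypothetical names; the sabotaged source is modelled as constant output, and `os.urandom` stands in for reading /dev/urandom.

```python
import hashlib
import os

def sabotaged_hw_rng(n):
    """Constructed stand-in for a compromised hardware RNG: output known in advance."""
    return b"\x00" * n

class MixingPool:
    """Toy entropy pool: every input is hashed into the state, none is used raw."""
    def __init__(self):
        self._state = b"\x00" * 32
        self._counter = 0

    def add(self, label, data):
        # Length-prefix label and data so distinct input sequences never collide.
        h = hashlib.sha256(self._state)
        h.update(len(label).to_bytes(2, "big") + label)
        h.update(len(data).to_bytes(4, "big") + data)
        self._state = h.digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            self._counter += 1
            block = b"out" + self._state + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
        # Ratchet the state so earlier output cannot be recomputed from it later.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]

def hw_only(n):
    """Design with a single source: output is whatever the hardware returns."""
    return sabotaged_hw_rng(n)

def mixed(n, os_source=os.urandom):
    """Design with several sources: hardware output is one pool input among others."""
    pool = MixingPool()
    pool.add(b"hw", sabotaged_hw_rng(32))
    pool.add(b"os", os_source(32))  # kernel CSPRNG, i.e. /dev/urandom
    return pool.read(n)

if __name__ == "__main__":
    print("hw only:", hw_only(16).hex(), hw_only(16).hex())  # identical, predictable
    print("mixed  :", mixed(16).hex(), mixed(16).hex())      # differ on every call
```

Because the pool output is a hash over all inputs, it stays unpredictable as long as at least one input is; real code should read the kernel generator rather than reimplement a pool like this one.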
