[Pkg-gnutls-maint] Bug#475168: Bug#475168: certtool --generate-dh-params is ridiculously wasteful of entropy
Daniel Kahn Gillmor
dkg-debian.org at fifthhorseman.net
Thu Apr 10 14:33:36 UTC 2008
I've packaged gnutls 2.3.4 (upstream's current development version)
for my own testing, and I see the same behavior described in this
ticket using 2.3.4 on a lenny/sid i386 system (see strace and package
versions below). So the problem isn't unique to the version in lenny.
I'm afraid I don't know enough about crypto to know why reading from
/dev/urandom (a PRNG itself, aiui) would be cryptographically worse
than implementing your own internal PRNG and seeding it from
/dev/urandom, which seems to be what this bug is suggesting would be
better. I'd be happy to learn, though.
By comparison, "openssl dhparam" only reads 32 bytes from /dev/urandom
for the same task (and uses its own PRNG according to dhparam(1ssl)).
Regards,
--dkg
Here's the openssl run:
[0 dkg at squeak ~]$ strace -eread,open openssl dhparam 384
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\330"..., 512) = 512
open("/usr/lib/i686/cmov/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 at Y\4\000"..., 512) = 512
open("/lib/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\n\0\000"..., 512) = 512
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\30"..., 512) = 512
open("/lib/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260e\1"..., 512) = 512
open("/usr/lib/ssl/openssl.cnf", O_RDONLY|O_LARGEFILE) = 3
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(3, "_name ]\ncountryName\t\t\t= Country "..., 4096) = 4096
read(3, " an SSL server.\n# nsCertType\t\t\t="..., 4096) = 1182
read(3, "", 4096) = 0
open("/proc/meminfo", O_RDONLY) = 3
read(3, "MemTotal: 507980 kB\nMemFre"..., 1024) = 728
open("/home/dkg/.rnd", O_RDONLY) = 3
read(3, "\211\223\35+\244_\343\335v\225\365\340\377=\236\t\"\21"..., 4096) = 1024
read(3, "", 4096) = 0
Generating DH parameters, 384 bit long safe prime, generator 2
This is going to take a long time
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3, "\251\240*\3307\270\212\255\240\305>Z\257D_\326go\24\275"..., 32) = 32
........................................................+....+...+.......+................+..+................+.................+........+......................................................+........................................................................+............................................................................+......+..............+.............+.............+.+......................++*++*++*++*++*++*++*++*
open("/home/dkg/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
-----BEGIN DH PARAMETERS-----
MDYCMQClD/cztoER1Yur0rvM0VwnWH1LNjndViK73lB15gZ0JPUqUIEzYqIxwfPx
0fAs+GMCAQI=
-----END DH PARAMETERS-----
Process 12428 detached
[0 dkg at squeak ~]$ dpkg -l $(dlocate $(ldd $(which openssl) | awk '{ print $3 }' | grep ^/) | cut -f1 -d: | sort -u)
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii libc6-i686 2.7-10 GNU C Library: Shared libraries [i686 optimi
ii libssl0.9.8 0.9.8g-8 SSL shared libraries
ii zlib1g 1:1.2.3.3.dfsg compression library - runtime
[0 dkg at squeak ~]$
And here's the certtool run:
[0 dkg at squeak ~]$ strace -eread,open -s12 certtool --generate-dh-params --bits 384
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libgnutls.so.26", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/usr/lib/libtasn1.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/usr/lib/libgcrypt.so.11", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/usr/lib/libgpg-error.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/lib/libreadline.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/lib/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/lib/libncurses.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/lib/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0"..., 512) = 512
open("/dev/urandom", O_RDONLY) = 3
read(3, "y\251Az\t*\254"..., 120) = 120
read(3, "<}\265=\345\363"..., 120) = 120
read(3, "\223\325\21(\334"..., 120) = 120
read(3, "\250\316\350V\305"..., 120) = 120
read(3, "#y4\377\306\247"..., 120) = 120
read(3, "\313\337\363C\213"..., 120) = 120
read(3, "\17\324\25\35\344"..., 120) = 120
read(3, "\264N\177f\263"..., 120) = 120
read(3, "WV-\206\241%\246"..., 120) = 120
read(3, "\365\f\273\217"..., 120) = 120
read(3, "\30NA\257\35(\241"..., 120) = 120
read(3, "mo\263\234\213"..., 120) = 120
read(3, "#\312\214)\n\17"..., 120) = 120
read(3, "\34\25\351}\276"..., 120) = 120
read(3, "\322&-\"\362@\343"..., 120) = 120
read(3, "\224\235\265\n"..., 120) = 120
read(3, "\357\335\366>&"..., 120) = 120
read(3, "f^z\36\374\324"..., 120) = 120
read(3, " \'>\243\356\207"..., 120) = 120
read(3, "XK\233b\266\024"..., 120) = 120
read(3, "V)\352\217>\226"..., 120) = 120
read(3, "x\310\352\250{"..., 120) = 120
read(3, "\353\371\10Z\330"..., 120) = 120
read(3, "\362\37\255\255"..., 120) = 120
read(3, "2E\242u\376g$\202"..., 120) = 120
Generating DH parameters...
Generator: 05
Prime: 91:93:0b:bc:40:ac:a7:bd:69:26:15:f1
13:b6:83:4e:a1:29:30:25:1e:5e:ec:5f
fc:be:da:e5:4f:4d:16:8e:78:98:66:73
84:74:44:1a:4c:5c:5e:25:c7:f6:ba:8f
-----BEGIN DH PARAMETERS-----
MDYCMQCRkwu8QKynvWkmFfETtoNOoSkwJR5e7F/8vtrlT00WjniYZnOEdEQaTFxe
Jcf2uo8CAQU=
-----END DH PARAMETERS-----
Process 11992 detached
[0 dkg at squeak ~]$ dpkg -l $(dlocate $(ldd $(which certtool) | awk '{ print $3 }' | grep ^/) | cut -f1 -d: | sort -u)
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii libc6-i686 2.7-10 GNU C Library: Shared libraries [i686 optimi
ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime library
ii libgnutls26 2.3.4-1~dkg2 the GNU TLS library - runtime library
ii libgnutls26-db 2.3.4-1~dkg2 GNU TLS library - debugger symbols
ii libgpg-error0 1.4-2 library for common error values and messages
ii libncurses5 5.6+20080308-1 Shared libraries for terminal handling
ii libreadline5 5.2-3 GNU readline and history libraries, run-time
ii libtasn1-3 1.3-1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.2.3.3.dfsg compression library - runtime
[0 dkg at squeak ~]$
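As an added example that is not part of the original report: a small Python script that automates the comparison made by hand above, mapping file descriptors from open() calls and summing the bytes each traced command actually read from every path (the two sample traces are trimmed and constructed from the report's strace output; the 25-line certtool sequence is reproduced by repetition).

```python
# Added example, not code from the report or from gnutls/openssl.
# Sums bytes returned by read() per opened path in `strace -eread,open` output.
import re
from collections import defaultdict

# open("/path", FLAGS[, MODE]) = FD
OPEN_RE = re.compile(r'^open\("([^"]+)", [^)]*\) = (\d+)$')
# read(FD, "...", REQUESTED) = RETURNED   (string may be truncated by -s N)
READ_RE = re.compile(r'^read\((\d+), ".*"(?:\.\.\.)?, \d+\) = (-?\d+)$')


def bytes_read_per_path(trace_lines):
    """Map each opened path to the total bytes actually delivered by read().

    strace -e read,open shows no close(), so an fd is simply rebound on each
    later open() returning the same number, which is what the traces show.
    The return value (bytes delivered) is summed, not the requested length.
    """
    fd_to_path = {}
    totals = defaultdict(int)
    for line in trace_lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            fd_to_path[int(m.group(2))] = m.group(1)
            continue
        m = READ_RE.match(line)
        if m:
            fd, n = int(m.group(1)), int(m.group(2))
            if n > 0 and fd in fd_to_path:
                totals[fd_to_path[fd]] += n
    return dict(totals)


# Constructed sample input: the entropy-related part of both traces, trimmed.
OPENSSL_TRACE = '''\
open("/home/dkg/.rnd", O_RDONLY) = 3
read(3, "\\211\\223\\35+"..., 4096) = 1024
read(3, "", 4096) = 0
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3, "\\251\\240*\\3307"..., 32) = 32
'''.splitlines()
CERTTOOL_TRACE = ['open("/dev/urandom", O_RDONLY) = 3'] + [
    'read(3, "\\322&-\\"\\362@\\343"..., 120) = 120' for _ in range(25)
]

if __name__ == "__main__":
    for name, trace in (("openssl", OPENSSL_TRACE), ("certtool", CERTTOOL_TRACE)):
        urandom = bytes_read_per_path(trace).get("/dev/urandom", 0)
        print(f"{name}: {urandom} bytes from /dev/urandom")
```

Feeding a full `strace -eread,open` capture to `bytes_read_per_path` also surfaces other sources the tool consults, such as the 1024 bytes openssl reads from ~/.rnd.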