[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation

Thorsten Glaser tg at mirbsd.de
Wed Mar 19 22:22:03 UTC 2014


Control: severity -1 normal

Joey Hess dixit:

>Also, /usr/sbin/make-ssl-cert uses openssl req, and strace shows it
>also reading only 32 bytes bits of entropy.

We talked a bit about it in IRC. I think this is no need to panic.
While I still think that 32 bytes is cutting off a safety margin
I’d prefer to have I’ve been pointed to readings that make me agree
that not having the entire keysize in bits is required.

I recall people asking the arc4random implementations on GNU/Linux
systems to restrict themselves to seed with only 16 bytes, due to
the much smaller size of Linux {,u}random. So this may be deliberate.

I think the OpenSSL situation may be improved by using a RANDFILE,
like PGP and GnuPG use their seed files, since that’s mixed into
its internal PRNG. That’s something the local admin or user must
do by themselves but could be an interesting way to increase the
amount of entropy available to each openssl(1) invocation without
unduly burdening the kernel pool. Methods to fill it (especially
initially) are abundant.

I’m lowering priority to normal, for now. Maybe someone from Linux,
OpenSSL, or elsewhere will comment on this issue, too.

>ENTROPY_NEEDED is hardcoded to 32.

Is that OpenSSL/Debian, OpenSSL/GNU/Linux, or OpenSSL in general,
by the way? (While I’m not unfamiliar with the codebase, the one
I’m using on BSD differs.)

bye,
//mirabilos
-- 
<Natureshadow> Warum ist MirWebseite eigentlich so cool?  <mirabilos> weil ich
ich sie geschrieben habe  <Natureshadow> Hast du sie geschrieben oder geforkt?
<mirabilos> geschrieben, from scratch  <Natureshadow> Ach, deshalb finde ich
auch so selten Bugs dadrin. Irgendwie hast du Recht.



More information about the Pkg-openssl-devel mailing list