[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Thorsten Glaser
tg at mirbsd.de
Wed Mar 19 11:50:54 UTC 2014
Package: openssl
Version: 1.0.1f-1
Severity: serious
Tags: security
Justification: security issue
strace openssl genrsa 4096
Looking at the output:
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\226\21L.\2707\352\242\372_\10T\306\201\320\200\351bU\206\26\2556?\303\360\223\263jw\370j", 32) = 32
close(3) = 0
I’d expect OpenSSL to use more than *at best* 256 bits of
entropy for generating a key of 4096 bits length.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Versions of packages openssl depends on:
ii libc6 2.18-4
ii libssl1.0.0 1.0.1f-1
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-bundle [ca-certificates] 20130106+tarent4
-- no debconf information
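The inspection the report performs by hand, as an added example (this is not code from the report or from OpenSSL): a small Python parser over strace output that tracks which file descriptor is bound to a kernel RNG device and sums the bytes each read() actually returned, so that a descriptor number later reused for an unrelated file is not mistaken for the RNG. It goes beyond the 1.0.1 trace quoted above by also recognising openat(2), the `[pid N]` prefixes strace -f adds, and getrandom(2), which later OpenSSL releases use on Linux where it is available. Both sample traces are constructed, modelled on the excerpt above; RNG_DEVICES and the regular expressions are this example's own assumptions about strace's line format. The bit count it reports is an upper bound on the entropy the PRNG could have been seeded with, and a CSPRNG's output is never less predictable than its seed, so that is the number to compare against whatever minimum the key being generated requires.

```python
import re

# Constructed sample trace, modelled on the strace excerpt in the bug report but
# not a real capture: /dev/urandom is opened as fd 3, read once for 32 bytes and
# closed; fd 3 is then reused for an unrelated file whose reads must not count.
SAMPLE_TRACE = r"""open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\226\21L.\2707\352\242\372_\10T\306\201\320\200\351bU\206\26\2556?\303\360\223\263jw\370j", 32) = 32
close(3)                                = 0
open("/etc/ssl/openssl.cnf", O_RDONLY)  = 3
read(3, "#\n# OpenSSL example configuration file.\n"..., 4096) = 4096
close(3)                                = 0
"""

# Second constructed trace: strace -f pid prefixes, openat(2), a short read
# (8 of 16 bytes returned) and a getrandom(2) call.
SAMPLE_TRACE_OPENAT = r"""[pid  4242] openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 4
[pid  4242] read(4, "\x9f\x11\x4c\x2e"..., 48) = 48
[pid  4242] read(4, "\x00\x01"..., 16) = 8
[pid  4242] close(4)                    = 0
[pid  4242] getrandom("\x5a\x6b"..., 32, GRND_NONBLOCK) = 32
"""

# Device paths treated as kernel RNG sources (assumption of this example).
RNG_DEVICES = ("/dev/random", "/dev/urandom", "/dev/hwrng")
GETRANDOM_KEY = "getrandom(2)"

# Optional "[pid 1234] " prefix that strace -f puts in front of each line.
PID_PREFIX = re.compile(r"^\[pid\s+\d+\]\s*")
# open("path", flags) = fd   and   openat(AT_FDCWD, "path", flags) = fd
OPEN_RE = re.compile(r'^open(?:at)?\((?:[^",]*,\s*)?"([^"]+)".*=\s*(-?\d+)\s*$')
# read(fd, "data", requested) = returned; the returned count is what matters.
READ_RE = re.compile(r"^read\((\d+),.*,\s*\d+\)\s*=\s*(-?\d+)\s*$")
CLOSE_RE = re.compile(r"^close\((\d+)\)")
# getrandom("data", requested, flags) = returned
GETRANDOM_RE = re.compile(r"^getrandom\(.*,\s*\d+,\s*[\w|]+\)\s*=\s*(-?\d+)\s*$")


def kernel_rng_reads(trace):
    """Map each kernel RNG source to the total bytes successfully obtained from it.

    Descriptors are tracked from open()/openat() to close() so that a number
    reused for another file is not attributed to the RNG device.
    """
    fd_to_path = {}
    totals = {}
    for raw_line in trace.splitlines():
        line = PID_PREFIX.sub("", raw_line, count=1)
        m = OPEN_RE.match(line)
        if m:
            fd = int(m.group(2))
            if fd >= 0:  # a negative result is a failed open
                fd_to_path[fd] = m.group(1)
            continue
        m = READ_RE.match(line)
        if m:
            path = fd_to_path.get(int(m.group(1)))
            returned = int(m.group(2))
            if path in RNG_DEVICES and returned > 0:
                totals[path] = totals.get(path, 0) + returned
            continue
        m = CLOSE_RE.match(line)
        if m:
            fd_to_path.pop(int(m.group(1)), None)
            continue
        m = GETRANDOM_RE.match(line)
        if m and int(m.group(1)) > 0:
            totals[GETRANDOM_KEY] = totals.get(GETRANDOM_KEY, 0) + int(m.group(1))
    return totals


def seed_bits(trace):
    """Bits pulled from the kernel RNG: an upper bound on the PRNG seed entropy."""
    return 8 * sum(kernel_rng_reads(trace).values())


def check_seed(trace, minimum_bits):
    """Return (ok, bits): whether the trace shows at least minimum_bits from the RNG."""
    bits = seed_bits(trace)
    return bits >= minimum_bits, bits


if __name__ == "__main__":
    for name, trace in (("report", SAMPLE_TRACE), ("openat", SAMPLE_TRACE_OPENAT)):
        ok, bits = check_seed(trace, 256)
        verdict = "ok" if ok else "BELOW THRESHOLD"
        print(f"{name}: {kernel_rng_reads(trace)} -> {bits} bits, {verdict}")
```

To run it against a real key generation, capture the trace with `strace -f -o trace.log openssl genrsa 4096` and pass the file contents to check_seed together with the minimum you require; the threshold is policy for the caller to set, the parser only measures what the process actually obtained from the kernel.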