Entropy and DSA key

Dan Astoorian djast at cs.toronto.edu
Wed Nov 7 09:19:04 EST 2001


On Tue, 06 Nov 2001 15:51:35 EST, Lutz Jaenicke writes:
> On Tue, Nov 06, 2001 at 01:38:40PM -0600, mouring at etoh.eviladmin.org wrote:
> > I would prefer OpenSSL handle all the entropy behind the scenes.  It would
> > make our life easier in the portable group.  However it only removes
> > around 1000 lines of code in a 55,000 line project (I'm referring to
> > portable.  OpenBSD's ssh tree is 45,000 lines.).
> 
> I would not expect this to happen. OpenSSL is used by a lot of security
> relevant applications, many of them running with root permission.
> The OpenSSL library does contact the hardcoded /dev/[u]random location
> and will query some hardcoded locations for a PRNGd/EGD socket.
> I don't think a library should do things beyond this level. I really
> don't want a library to try and run commands (maybe with root permission)
> behind my back.

The application needs to get the entropy from somewhere.  If OpenSSL
leaves it up to the application (and we're talking about the same app
linked against OpenSSL, i.e., the one perhaps running with root
permission) to find it, then some of those apps are likely to do the job
badly, perhaps by supplying bad entropy or by taking insecure actions.

That's why I don't think it's such a bad thing, _compared with the
alternatives_, for the OpenSSL library, as a last resort, on systems
without /dev/random, and where PRNGD is not operating, to run one
hardcoded, well-audited command, which has the sense to give up its
privileges as soon as possible.

I'd certainly prefer that to the status quo, where OpenSSH's sshd runs
dozens of commands as root.

If you need a precedent for libraries running commands, look at
/usr/lib/pt_chmod and /usr/lib/utmp_update under Solaris.

-- 
Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at cs.toronto.edu        not, it's better to have loved and won.  All
www.cs.toronto.edu/~djast/  the other options really suck.    --Dan Redican



More information about the openssh-unix-dev mailing list