[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized
Leonid Isaev
lisaev at umail.iu.edu
Wed Apr 30 10:30:34 PDT 2014
Hi Florian,
Let me see if I understand you... First, where did you get the logs
from: syslog or journald?
On Wed, 30 Apr 2014 14:02:11 +0200
Florian Weimer <fweimer at redhat.com> wrote:
> [...]
>
> Using /dev/urandom for key generation is fine once its pool is seeded.
Are you concerned that the PRNG is not seeded properly and hence the keys are
cryptographically weak?
I thought that openssh uses openssl which in turn has its own PRNG that is
seeded from /dev/random and /dev/urandom.
> Using existing key generation algorithms with /dev/random instead does
> not work because they consume too much entropy and can block for
> significantly more time than just a few minutes.
Entropy is not a problem if you run a daemon like haveged.
Indeed, archlinux iso images provide a service which generate 2048 bit gpg keys
(for package signing) on each boot with no delay (and gpg uses /dev/random).
Moreover, I run ssh-keygen on-boot to generate a volatile key for the root
account, and the order of services appears to be correct (taken from journal -o
verbose):
11:46:15.252713 CDT -- random: nonblocking pool is initialized
11:46:15.970371 CDT -- haveged is operational
11:46:17.576259 CDT -- ssh-keygen exits
Cheers,
L.
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140430/9d449976/attachment.sig>
More information about the systemd-devel
mailing list