[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized

Leonid Isaev lisaev at umail.iu.edu
Wed Apr 30 10:30:34 PDT 2014


Hi Florian,

	Let me see if I understand you... First, where did you get the logs
from: syslog or journald? 

On Wed, 30 Apr 2014 14:02:11 +0200
Florian Weimer <fweimer at redhat.com> wrote:

> [...]
>
> Using /dev/urandom for key generation is fine once its pool is seeded.

Are you concerned that the PRNG is not seeded properly and hence the keys are
cryptographically weak?

I thought that openssh uses openssl which in turn has its own PRNG that is
seeded from /dev/random and /dev/urandom.
 
> Using existing key generation algorithms with /dev/random instead does 
> not work because they consume too much entropy and can block for 
> significantly more time than just a few minutes.

Entropy is not a problem if you run a daemon like haveged.

Indeed, archlinux iso images provide a service which generate 2048 bit gpg keys
(for package signing) on each boot with no delay (and gpg uses /dev/random).

Moreover, I run ssh-keygen on-boot to generate a volatile key for the root
account, and the order of services appears to be correct (taken from journal -o
verbose):

11:46:15.252713 CDT -- random: nonblocking pool is initialized
11:46:15.970371 CDT -- haveged is operational
11:46:17.576259 CDT -- ssh-keygen exits

Cheers,
L.

-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140430/9d449976/attachment.sig>


More information about the systemd-devel mailing list