[Opendnssec-user] ods-signerd calling vmstat?!?

Rickard Bellgrim rickard at opendnssec.org
Mon Sep 2 11:13:51 UTC 2013


> Wow, that is pretty epic - in a bad way...... Am I really trusting
> opendnssec to generate RSA keys with the below code for entropy?
> filenames in /tmp?

CONCLUSION: The file names in the tmp directory will only be used as one of
the last resorts if not enough entropy has been gathered from the other
sources. Also, the seed will go through two layers of RNGs before being
used in the cryptographic operations.

Below is a summary of my findings regarding the Botan RNG.

The Botan RNG is based on the ANSI_X931_RNG class. It is the standard issue
X9.31 Appendix A.2.4 PRNG, though using AES-256 instead of 3DES as the
block cipher. This PRNG implementation has been checked against official
X9.31 test vectors.

Internally, the ANSI_X931_RNG holds a pointer to another PRNG. This
internal PRNG generates the key and seed used by the X9.31 algorithm, as
well as the date/time vectors. Each time an X9.31 PRNG object receives
entropy, it passes it along to the PRNG it is holding, and then pulls out
some random bits to generate a new key and seed.

The internal PRNG in the ANSI_X931_RNG is of class
HMAC_RNG(af.make_mac("HMAC(SHA-512)"), af.make_mac("HMAC(SHA-256)")) or
Randpool(af.make_block_cipher("AES-256"), af.make_mac("HMAC(SHA-256)")).

The internal PRNG is set to the following entropy sources on Unix:
High_Resolution_Timestamp(), Intel_Rdrand(),
Device_EntropySource(split_on("/dev/random:/dev/srandom:/dev/urandom",
':')), EGD_EntropySource(split_on("/var/run/egd-pool:/dev/egd-pool", ':')),
FTW_EntropySource("/proc"), and
Unix_EntropySource(split_on("/bin:/sbin:/usr/bin:/usr/sbin", ':')).

When polling for entropy, the PRNG will start with the first entropy source
added and then go through the list. The last entropy source,
Unix_EntropySource, will include the list of commands as mentioned earlier
in this email thread. The “ls -alni /tmp” has priority 4 out of 5. This
makes it one of the last commands in the last entropy source.

// Rickard
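
The polling order described in the message above, as an added example that is not part of the original message and is not Botan's code. It is a simplified model: the `Source` struct, `unix_sources()`, `poll_until()`, `reaches_unix_source()`, the per-source bit estimates and the 256-bit goal are all assumptions made for illustration; only the source names and their order come from the message.

```cpp
// Simplified model of the entropy polling order described in the message.
// NOT Botan's implementation: estimates and the goal are constructed values.
#include <iostream>
#include <string>
#include <vector>

struct Source {
    std::string name;   // source name as listed in the message
    unsigned est_bits;  // constructed estimate; 0 models an unavailable source
};

// Sources in the order the message gives for Unix (first added, first polled).
std::vector<Source> unix_sources(bool rdrand, bool dev_random, bool egd, bool proc) {
    return {
        {"High_Resolution_Timestamp", 2u},
        {"Intel_Rdrand", rdrand ? 128u : 0u},
        {"Device_EntropySource", dev_random ? 256u : 0u},
        {"EGD_EntropySource", egd ? 128u : 0u},
        {"FTW_EntropySource(/proc)", proc ? 64u : 0u},
        {"Unix_EntropySource", 32u},  // runs commands such as "ls -alni /tmp"
    };
}

// Walk the list from the first source; stop once the goal has been met.
// Returns the names of the sources that were actually consulted.
std::vector<std::string> poll_until(const std::vector<Source>& srcs, unsigned goal_bits) {
    std::vector<std::string> consulted;
    unsigned collected = 0;
    for (const Source& s : srcs) {
        if (collected >= goal_bits) break;
        consulted.push_back(s.name);
        collected += s.est_bits;
    }
    return consulted;
}

// True when polling fell through to the command-output source.
bool reaches_unix_source(const std::vector<Source>& srcs, unsigned goal_bits) {
    const std::vector<std::string> c = poll_until(srcs, goal_bits);
    return !c.empty() && c.back() == "Unix_EntropySource";
}

int main() {
    // Host where the device source answers: polling stops before the commands.
    for (const std::string& n : poll_until(unix_sources(true, true, true, true), 256))
        std::cout << "healthy:  " << n << "\n";
    // Constructed degraded host: no RDRAND, no device files, no EGD, no /proc.
    for (const std::string& n : poll_until(unix_sources(false, false, false, false), 256))
        std::cout << "degraded: " << n << "\n";
}
```

In this model the command-output source is consulted only on hosts where the earlier sources are missing or come up short, which is the case worth auditing for on a signer.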