[8057] in cryptography@c2.net mail archive


Re: Lots of random numbers

daemon@ATHENA.MIT.EDU (Ray Dillinger)
Thu Nov 16 17:21:27 2000

Date: Thu, 16 Nov 2000 12:42:23 -0800 (PST)
From: Ray Dillinger <bear@sonic.net>
To: Rich Salz <rsalz@caveosystems.com>
Cc: cryptography@c2.net
In-Reply-To: <3A135259.A07F409F@caveosystems.com>
Message-ID: <Pine.LNX.4.21.0011161236400.24675-100000@bolt.sonic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII



On Wed, 15 Nov 2000, Rich Salz wrote:

>I'm putting together a system that might need to generate thousands of RSA
>keypairs per day, using OpenSSL on a "handful" of Linux machines.  What do
>folks think of the following: take one machine and dedicate it as an entropy
>source. After 'n' seconds turn the network card into promiscuous mode, scoop
>up packets and hash them, dump them into the entropy pool. Do this for 'm'
>seconds, then go back to sleep for awhile.  The sleep and wake times are
>random numbers.  Other systems on the network periodically make an SSL
>connection to the entropy box, read bytes, and dump it into their /dev/random
>device.
>
>Is this a cute hack, pointless, or a good idea?


It is an excruciatingly bad idea.  Consider the attacker with a "sniffer" 
on your network (one of your own boxes can be a sniffer, if he gets any 
trojan code into it).  He listens and records all the packets.  He has 
a starting point a hell of a lot better than random on your entropy pool. 
Hence, on the entropy pool of all your machines.  

You need a source of real randomness.  There are commercially-produced 
cards that use noisy diodes - stick one of those into the bus and run 
Yarrow on the output of it.  

I advise against transmitting random numbers over your network if you 
can avoid it.  Locally produced is best, any transmission is a potential 
compromise. 

			Bear
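
Added example, not part of the original message: a Python sketch of why a pool built only from hashed packets is bounded by what a passive recorder on the same segment saw, next to a locally produced seed. The packet list, window sizes and function names are constructed for illustration, and `os.urandom` stands in for a local source.

```python
import hashlib
import math
import os

# Constructed stand-in for traffic on a shared segment; any host that
# records packets on that segment holds the same list.
SEGMENT_TRAFFIC = [b"constructed-packet-%04d" % i for i in range(300)]

def pool_from_packets(packets, start, count):
    """Proposed scheme: hash each packet seen in the capture window into a pool."""
    pool = hashlib.sha256()
    for pkt in packets[start:start + count]:
        pool.update(hashlib.sha256(pkt).digest())
    return pool.digest()

def observer_states(packets, max_window):
    """Every pool value consistent with the recorded traffic.

    The only unknowns are when the capture began and how long it ran.
    """
    states = set()
    for start in range(len(packets)):
        pool = hashlib.sha256()
        for pkt in packets[start:start + max_window]:
            pool.update(hashlib.sha256(pkt).digest())
            states.add(pool.digest())  # digest() does not finalize the object
    return states

def entropy_upper_bound_bits(states):
    """A pool cannot hold more entropy than log2(number of possible states)."""
    return math.log2(len(states))

def local_seed(nbytes=32):
    """Locally produced seed from the kernel CSPRNG, never sent over the wire."""
    return os.urandom(nbytes)

if __name__ == "__main__":
    states = observer_states(SEGMENT_TRAFFIC, max_window=40)
    pool = pool_from_packets(SEGMENT_TRAFFIC, start=117, count=23)
    print("packet pool is among recorder's states:", pool in states)
    print("upper bound: %.1f bits of a 256-bit pool"
          % entropy_upper_bound_bits(states))
    print("local seed is among recorder's states:", local_seed() in states)
```

The random sleep and wake times only choose which window is hashed, so the bound grows with the logarithm of the number of windows rather than with the volume of traffic.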



