[tor-talk] key generation on first boot with low entropy
anarcat
anarcat at koumbit.org
Tue Jan 14 18:39:39 UTC 2014
Working on Torride, one of the questions I was asked was: "what do you
do about entropy?" to which I answered "nothing, so far, what do *you*
think I should be doing?", to which the answer is, right now fuzzy.
The concern here is what happens when Tor starts up the first time. I
believe it creates a public/private key pair for its cryptographic
routines. In Torride, this is done right on the start of the operating
system, when the entropy of the system is low or inexistent.
A similar issue affects OpenSSH, but from what I understand, the way
they work around that is by using /dev/random, which simply blocks until
entropy becomes available.
How does tor generate its private key? Does it use /dev/random? Is there
an issue with bootstrapping a new tor node straight from the first
install, when entropy is potentially low?
If so, what workarounds would you recommend? I have been told to install
haveged, but this doesn't work in all environments and there's no
guarantee that tor will start after haveged in current Debian boot
scripts.
Thanks for any feedback,
A.
--
Never attribute to malice that which can be adequately explained by
stupidity, but don't rule out malice.
- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140114/42ba6d7d/attachment.sig>
More information about the tor-talk
mailing list