[NTLUG:Discuss] ssh key generation
Burton Strauss
Burton_Strauss at comcast.net
Thu Jun 23 18:52:11 CDT 2005
Also, make sure you have enough sources of entropy.
Strangely: If you are just leaving the system alone, you are actually
defeating yourself as you aren't introducing much entropy. Get on the web,
move the mouse, delete files, etc.
You can see the state of the pool via
# cat /proc/sys/kernel/random/entropy_avail
3648
-----Burton
# man 4 random
RANDOM(4) Linux Programmer's Manual
RANDOM(4)
NAME
random, urandom - kernel random number source devices
DESCRIPTION
The character special files /dev/random and /dev/urandom
(present since Linux 1.3.30) provide an
interface to the kernel's random number generator. File /dev/random
has major device number 1 and
minor device number 8. File /dev/urandom has major device number 1
and minor device number 9.
The random number generator gathers environmental noise from device
drivers and other sources into an
entropy pool. The generator also keeps an estimate of the number of
bits of noise in the entropy
pool. From this entropy pool random numbers are created.
When read, the /dev/random device will only return random bytes
within the estimated number of bits
of noise in the entropy pool. /dev/random should be suitable for
uses that need very high quality
randomness such as one-time pad or key generation. When the
entropy pool is empty, reads from
/dev/random will block until additional environmental noise is
gathered.
When read, /dev/urandom device will return as many bytes as are
requested. As a result, if there is
not sufficient entropy in the entropy pool, the returned values
are theoretically vulnerable to a
cryptographic attack on the algorithms used by the driver. Knowledge
of how to do this is not avail-
able in the current non-classified literature, but it is
theoretically possible that such an attack
may exist. If this is a concern in your application, use /dev/random
instead.
CONFIGURING
If your system does not have /dev/random and /dev/urandom created
already, they can be created with
the following commands:
mknod -m 644 /dev/random c 1 8
mknod -m 644 /dev/urandom c 1 9
chown root:root /dev/random /dev/urandom
When a Linux system starts up without much operator interaction, the
entropy pool may be in a fairly
predictable state. This reduces the actual amount of noise in the
entropy pool below the estimate.
In order to counteract this effect, it helps to carry entropy pool
information across shut-downs and
start-ups. To do this, add the following lines to an appropriate
script which is run during the
Linux system start-up sequence:
echo "Initializing kernel random number generator..."
# Initialize kernel random number generator with random seed
# from last shut-down (or start-up) to this start-up. Load and
# then save 512 bytes, which is the size of the entropy pool.
if [ -f /var/random-seed ]; then
cat /var/random-seed >/dev/urandom
fi
dd if=/dev/urandom of=/var/random-seed count=1
Also, add the following lines in an appropriate script which is run
during the Linux system shutdown:
# Carry a random seed from shut-down to start-up for the random
# number generator. Save 512 bytes, which is the size of the
# random number generator's entropy pool.
echo "Saving random seed..."
dd if=/dev/urandom of=/var/random-seed count=1
PROC INTERFACE
The files in the directory /proc/sys/kernel/random (present since
2.3.16) provide an additional
interface to the /dev/random device.
The read-only file entropy_avail gives the available entropy.
Normally, this will be 4096 (bits), a
full entropy pool.
The file poolsize gives the size of the entropy pool. Normally, this
will be 512 (bytes). It can be
changed to any value for which an algorithm is available.
Currently the choices are 32, 64, 128,
256, 512, 1024, 2048.
The file read_wakeup_threshold contains the number of bits of entropy
required for waking up pro-
cesses that sleep waiting for entropy from /dev/random.
The default is 64. The file
write_wakeup_threshold contains the number of bits of entropy below
which we wake up processes that
do a select() or poll() for write access to /dev/random. These
values can be changed by writing to
the files.
The read-only files uuid and boot_id contain
random strings like
6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. The former is generated
afresh for each read, the latter was
generated once.
FILES
/dev/random
/dev/urandom
AUTHOR
The kernel's random number generator was written by Theodore Ts'o
(tytso at athena.mit.edu).
SEE ALSO
mknod (1)
RFC 1750, "Randomness Recommendations for Security"
Linux 2003-10-25
RANDOM(4)
-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf
Of brian at pongonova.net
Sent: Thursday, June 23, 2005 5:29 PM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] ssh key generation
Unless you're trying to protect national security secrets, 8192 bits is
overkill. 2048 bits is more than sufficient, and probably won't be broken
in your lifetime...
But yes, expect several hours of processing on your 8K-bit key.
--Brian
On Thu, Jun 23, 2005 at 06:00:54PM -0500, Ralph Green, Jr. wrote:
> Howdy,
> I am generating some new public/private key pairs to use for
> communicating to a new server.
> I have not done this in a while and I am a little concerned about how
> long it is taking.
> The machine is a P2/366 running SuSE 9.3. I issued the command:
> ssh-keygen -b 8192 -t dsa
> It has been running for two and a half hours so far. Is it
> conceivable that it is running ok? I don't seem to be swapping even
> though the system only has 192 meg of ram.
_______________________________________________
https://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list