Re: gnome-keyring Generating RSA keys from /dev/urandom
- From: Nikos Mavrogiannopoulos <nmav gnutls org>
- To: Stef Walter <stefw collabora co uk>
- Cc: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: Re: gnome-keyring Generating RSA keys from /dev/urandom
- Date: Thu, 09 Dec 2010 17:28:42 +0100
On 12/07/2010 05:25 PM, Stef Walter wrote:
> I'm working on RSA key generation in gnome-keyring PKCS#11 stuff.
>
> I'd also like to generate a single RSA 2048-bit key per user, which
> will be used to sign and encrypt their PKCS#11 store. The reason for
> using PK signing instead of a simple HMAC is so that we can verify
> things in the store (like trust exceptions) without unlocking it, but
> then require an unlock in order to modify it. Such a key would be
> generated at or around the first login time. In gnome-keyring we use
> libgcrypt. libgcrypt by default uses /dev/random as a random source
> to generate the key. However this blocks for unacceptable amounts
> (minutes to hours) of time when generating a 2048 bit RSA key.
> GnuTLS, OpenSSL, NSS all use /dev/urandom to generate their RSA keys.
> I'd like to make gnome-keyring also have this behavior. We can do
> this easily by setting a flag for libgcrypt. But I want to make sure
> I get appropriate feedback before doing this.
/dev/random is pretty useless for cryptographic (any) applications,
unless there is an open time limit (i.e. wait 10 minutes until there is
entropy enough to start a TLS session). Usually users (like me) don't
want to do that, thus /dev/urandom comes into play. There are no known
weaknesses so far as long as there was gathered randomness at some point.
A description and study of it can be seen at
http://www.pinkas.net/PAPERS/gpr06.pdf
There are other (maybe better) alternatives to /dev/random algorithm
that do not require blocking, but in Linux that's all we have.
regards,
Nikos
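An added C example (not gnome-keyring or libgcrypt code) showing the two practical points of this thread: reading seed bytes from /dev/urandom without the short-read and EINTR pitfalls, and opening /dev/random with O_NONBLOCK so a depleted pool returns EAGAIN instead of stalling for minutes. The entropy_avail helper is Linux-specific and all function names here are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly len bytes from device, handling short reads and EINTR.
 * O_NONBLOCK makes /dev/random fail fast with EAGAIN rather than stall
 * for minutes when the kernel pool is depleted. 0 = ok, -1 = error. */
static int fill_random(const char *device, unsigned char *buf, size_t len)
{
    int fd = open(device, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) {          /* EAGAIN: pool empty; 0: unexpected EOF */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Linux only: bits the kernel currently credits to its input pool
 * (/proc/sys/kernel/random/entropy_avail); -1 if unreadable. */
static long entropy_available(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    long bits = -1;
    if (f) {
        if (fscanf(f, "%ld", &bits) != 1) bits = -1;
        fclose(f);
    }
    return bits;
}

/* Seed bytes for the per-user key from /dev/urandom (never blocks; fine
 * once the pool has been seeded). 1 = got len non-all-zero bytes, else 0. */
static int urandom_seed(unsigned char *buf, size_t len)
{
    if (fill_random("/dev/urandom", buf, len) != 0) return 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i]) return 1;
    return 0;
}
```

Calling fill_random("/dev/random", ...) with this helper lets a program detect a starved pool (errno == EAGAIN) and log it rather than hang at first login.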