[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] key generation on first boot with low entropy



On Wed, Jan 15, 2014 at 6:33 AM, Gerardus Hendricks
<konfkukor@xxxxxxxxxx> wrote:
> On 1/14/14 7:39 PM, anarcat wrote:
>> How does tor generate its private key? Does it use /dev/random? Is there
>> an issue with bootstrapping a new tor node straight from the first
>> install, when entropy is potentially low?


If you're worried about the particular scenario where you've got a
device --especially a diskless device -- that has never been booted
before, one option is to have the script you use to start Tor check
whether an identity key has been created.  If it hasn't, it should try
to read a byte from /dev/random before it starts Tor, and block until
it actually can read that byte.

This is an ugly hack, of course!  I'd much prefer if kernels
everywhere would have /dev/urandom block in the case when there has
never been enough entropy in /dev/urandom.

I've added a ticket
(https://trac.torproject.org/projects/tor/ticket/10676) for better
workarounds for this.

-- 
Nick
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk