Working on Torride, one of the questions I was asked was: "what do you do about entropy?" to which I answered "nothing, so far, what do *you* think I should be doing?", to which the answer is, right now, fuzzy.

The concern here is what happens when Tor starts up the first time. I believe it creates a public/private key pair for its cryptographic routines. In Torride, this is done right on the start of the operating system, when the entropy of the system is low or inexistent.

A similar issue affects OpenSSH, but from what I understand, the way they work around that is by using /dev/random, which simply blocks until entropy becomes available.

How does tor generate its private key? Does it use /dev/random? Is there an issue with bootstrapping a new tor node straight from the first install, when entropy is potentially low?

If so, what workarounds would you recommend? I have been told to install haveged, but this doesn't work in all environments and there's no guarantee that tor will start after haveged in current Debian boot scripts.

Thanks for any feedback,

A.

--
Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice.
 - Albert Einstein
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
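
The boot-ordering concern in the message above, as an added example (not part of the original post, and not code from Tor, Torride or Debian): a boot-script gate that refuses to start a key-generating daemon until the Linux kernel's entropy estimate reaches a threshold. The function names, the threshold and timeout arguments, and the `ENTROPY_FILE` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: gate a first-boot, key-generating daemon on kernel entropy.
# ENTROPY_FILE is the Linux kernel's entropy estimate in bits; it can be
# overridden (an assumption of this sketch) for testing.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# wait_for_entropy MIN_BITS TIMEOUT_SECONDS
# Returns 0 once the estimate reaches MIN_BITS, 1 on timeout,
# 2 if the estimate cannot be read or is not a number.
wait_for_entropy() {
    min_bits=$1
    timeout=$2
    waited=0
    while :; do
        bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 2
        case $bits in
            ''|*[!0-9]*) return 2 ;;
        esac
        [ "$bits" -ge "$min_bits" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# start_when_seeded MIN_BITS TIMEOUT_SECONDS COMMAND [ARGS...]
# Runs COMMAND only after the gate passes. On failure it does not start
# COMMAND at all, so long-term keys are never generated from a starved pool.
start_when_seeded() {
    gate_min=$1
    gate_timeout=$2
    shift 2
    gate_rc=0
    wait_for_entropy "$gate_min" "$gate_timeout" || gate_rc=$?
    if [ "$gate_rc" -ne 0 ]; then
        echo "entropy gate: not starting '$1' (status $gate_rc)" >&2
        return "$gate_rc"
    fi
    "$@"
}
```

Called from an init script as, for instance, `start_when_seeded 256 120 <daemon command>`, this fails closed: a timeout leaves the daemon stopped rather than letting it generate keys early.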