
Re: [tor-talk] key generation on first boot with low entropy



On 1/14/14 7:39 PM, anarcat wrote:
> How does tor generate its private key? Does it use /dev/random? Is there
> an issue with bootstrapping a new tor node straight from the first
> install, when entropy is potentially low?

Hi. I'm not entirely sure of the answer. I'll make a guess.
Reading the source of (the tarballed) Tor 0.2.4.20.

RSA router key and identity is created in router.c

router.c line 767 in init_keys()
line 770 --> prkey = init_key_from_file(keydir, 1, LOG_ERR)
line 393 --> prkey = crypto_pk_new()

crypto.c line 382 in crypto_pk_new()
line 386 --> rsa = RSA_new()

RSA_new() is from OpenSSL [1]

(curve25519 keys might be handled differently, I haven't looked)

I think you can find a lot of information on how OpenSSL handles its entropy. I'm not sure, but I think OpenSSL uses the non-blocking /dev/urandom which is secure under most conditions, but not in your scenario.

You might want to delay Tor startup / key generation a bit and not do it immediately after boot. If it is possible in your setup, you can simply write entropic bits to /dev/(u)random, like so:

echo "Jf3Gy7K5gvD2dcF" > /dev/urandom

Of course that string should be longer, and should be different in every instance you use it in (and of course it should be secret from any attacker).

Thanks for linking haveged. I hadn't heard about it before. I do have some doubts about its utility. As someone else put it a year ago in a relevant thread (read it) [3]:

"as a non-mathematician, this sounds a bit like "we make a lot [of entropy] out of little". Maybe somebody could shed some light on this.."

Regards,
Gerard

[1] https://www.openssl.org/docs/crypto/RSA_new.html
[2] http://man7.org/linux/man-pages/man4/random.4.html
[3] https://lists.torproject.org/pipermail/tor-talk/2013-January/027075.html
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
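Added example, not part of Gerard's post and not Tor's or OpenSSL's code: the check a relay operator would want before generating the identity key on a freshly installed box, plus the caveat behind the `echo ... > /dev/urandom` suggestion. Per random(4) [2], writing to /dev/random or /dev/urandom mixes the data into the pool but does not raise the kernel's entropy count; raising it takes the RNDADDENTROPY ioctl on /dev/random as root. The example assumes Linux 3.17 or later (getrandom syscall); the function names are mine.

```c
/* Added example, not Tor's or OpenSSL's code: probe the Linux kernel RNG before
 * generating a long-lived key on first boot, and contrast an uncredited write to
 * /dev/urandom with crediting entropy. Assumes Linux >= 3.17; names are my own. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <linux/random.h>   /* GRND_NONBLOCK, RNDADDENTROPY, struct rand_pool_info */

static ssize_t sys_getrandom(void *buf, size_t len, unsigned flags)
{
    return syscall(SYS_getrandom, buf, len, flags);
}

/* 1 if the kernel CRNG is seeded, 0 if a blocking getrandom() would still wait,
 * -1 if the syscall is unavailable: the check to run before init_keys() on a
 * machine that has just been installed. */
int pool_initialized(void)
{
    unsigned char probe;
    ssize_t r = sys_getrandom(&probe, 1, GRND_NONBLOCK);
    if (r == 1) return 1;
    return (r < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Fill buf with len bytes for key generation, blocking until the pool is seeded
 * instead of reading a not-yet-seeded /dev/urandom. Returns len, or -1 on error. */
int get_key_seed(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t r = sys_getrandom(buf + got, len - got, 0);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        got += (size_t)r;
    }
    return (int)got;
}

/* What `echo "..." > /dev/urandom` does: the bytes are mixed into the pool
 * (harmless, and secret data does help), but the entropy estimate is not raised,
 * so this alone never unblocks a reader waiting on /dev/random. 0 on success. */
int mix_in_uncredited(const unsigned char *data, size_t len)
{
    int fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, data, len);
    close(fd);
    return w == (ssize_t)len ? 0 : -1;
}

/* Raising the estimate takes RNDADDENTROPY on /dev/random (CAP_SYS_ADMIN).
 * Credit only bits you can justify (a hardware RNG, a seed saved at the previous
 * shutdown); crediting a fixed string lies to the kernel. Returns the ioctl
 * result: -1 with errno EINVAL on bad arguments, EPERM when unprivileged. */
int credit_entropy(const unsigned char *data, size_t len, int bits)
{
    if (len == 0 || len > 512 || bits < 0 || (size_t)bits > 8 * len) {
        errno = EINVAL;
        return -1;
    }
    struct rand_pool_info *info = calloc(1, sizeof *info + len);
    if (info == NULL) return -1;
    info->entropy_count = bits;     /* bits being credited */
    info->buf_size = (int)len;      /* bytes in buf */
    memcpy(info->buf, data, len);
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) { free(info); return -1; }
    int rc = ioctl(fd, RNDADDENTROPY, info);
    close(fd);
    free(info);
    return rc;
}

int main(void)
{
    unsigned char seed[32];
    const unsigned char junk[] = "Jf3Gy7K5gvD2dcF";   /* the string from the post */
    printf("seeded=%d\n", pool_initialized());
    printf("uncredited write to /dev/urandom: %s\n",
           mix_in_uncredited(junk, sizeof junk - 1) == 0 ? "ok" : strerror(errno));
    /* Blocks here on a box whose pool is not seeded yet; that wait is the point. */
    if (get_key_seed(seed, sizeof seed) != (int)sizeof seed) { perror("getrandom"); return 1; }
    printf("seed: ");
    for (size_t i = 0; i < sizeof seed; i++) printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```

Usage: build with `cc -o entropy-check entropy-check.c` and run it in the unit that starts tor (a systemd ExecStartPre, or an `if` in the init script); its exit status tells you whether key generation would have read a seeded pool. credit_entropy() is shown for completeness only; it is not called from main, and it should only ever be fed data whose entropy you can account for.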