Re: Glen Turner: Key generation

In his blog Glen writes on the Debian OpenSSL stuffup:

Hopefully this fiasco will re-energise hardware manufacturers into providing hardware-based randomn number generation. The current scavenging across the operating system for any source of entropy isn’t acceptable and is one of the root causes of this current flaw.

But this wouldn’t have helped in this situation as OpenSSL already supported those sources but the patch ((which was posted to the openssl-dev list for comments prior to being applied, well worth a read as it’s a short thread )) effectively removed the call to add those (and all other) sources of entropy into the pool, leaving just the PID – hence 32,768 possible keys.. 🙁

If you’re an LWN subscriber (and if you’re not, you should be!) this article is well worth a read (it’ll become accessible to non-subscribers on Thursday, Australian time)..