[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] services: Add 'dropbear-service'.

From: Leo Famulari
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sat, 9 Jul 2016 18:41:25 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
> If so, what does Dropbear do? How does it get random numbers to generate
> the host key?

I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
to use immediately after first boot.

What do you think about implementing the '-R' option, described below?

>From dropbear(8) [0]:

"Host key files are read at  startup  from  a  standard  location,  by  default
/etc/dropbear/dropbear_dss_host_key,  /etc/dropbear/dropbear_rsa_host_key, and
/etc/dropbear/dropbear_ecdsa_host_key or specified on the commandline with -r.
These  are  of the form generated by dropbearkey. The -R option can be used to
automatically generate keys in the default location - keys will  be  generated
after  startup  when the first connection is established. This had the benefit
that the system /dev/urandom random number source has a better chance of being
securely seeded."


reply via email to

[Prev in Thread] Current Thread [Next in Thread]