Bug 102152

Summary: ps aux|md5sum; ps alx|md5sum does not have very much entropy
Product: [Retired] Red Hat Raw Hide Reporter: Pekka Pietikäinen <pp>
Component: redhat-config-networkAssignee: Harald Hoyer <harald>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-10-27 13:12:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pekka Pietikäinen 2003-08-11 20:19:46 UTC 
Description of problem:

From editipsec.py:

  def on_generateAHKeyButton_clicked(self, *args):
        command = '/bin/sh'
        (status , key ) = gtkExecWithCaptureStatus(command = command,
                                                   argv = [command, '-c',
                                                           '(ps aux|md5sum;ps
alx|md5sum) | tr -cd 0-9 2>/dev/null'])

is not even close to being random enough for generating cryptographic keys.

Please use something like

dd if=/dev/random count=16 bs=1| xxd -ps 

which should generate a nice random (tm) 128-bit key in hex, which the ipsec 
code should handle if a 0x is added to the beginning.

Or even better, some native python with the same effect :-)

The CIPE config part does something similar.
Comment 1 Harald Hoyer 2003-09-01 14:10:33 UTC 
yep, thx for the hint..